2024-12-05 Meeting notes
Date
Attendees
Name | Present | Planned Absences |
---|---|---|
Yes | ||
Yes | ||
Yes | ||
Yes | ||
Kevin Day | ||
Jens Heinrich | Yes |
Discussion items
Time | Item | Who | Notes |
---|---|---|---|
0 min | Issue tagging idea | Jens Heinrich | Idea: Have a Tag
|
0 min | Jira Group and Security Level review | Team | From Craig in slack:
Today:
|
0 min | - SECURITY-177Getting issue details... STATUS - SECURITY-182Getting issue details... STATUS - SECURITY-189Getting issue details... STATUS | Team | Do we need to backport these fixes to Q? If so, it will need to go into CSP6
Today: |
25 min | Policy for deprecating and eventulaly removing unsupported code | Team | The idea is to draft a proposal policy for this and run it by the TC for approval... "mod-foo has known security vulnerabilities which are high/critical and have not been addressed in N months. If these aren't addressed within N months the repository will be archived" Something like that...
Today: Jens Heinrich created a draft and Julian Ladisch gave inputs on better handling of edge cases A dedicated page has been created at https://folio-org.atlassian.net/wiki/x/KAAHJw |
* | Anything Urgent? Under Review Filter: Getting issues... | Team |
|
Topic Backlog | |||
Time permitting | Advice for handling of sensitive banking information | Team | From slack conversation, I think I've gathered the following:
Let's review and discuss before providing this feedback to Raman. Axel Dörrer also suggested that defining classes of sensitivity could help teams determine which techniques are applicable in various situations. I agree having some general guidelines on this would be helpful.
It would probably help to provide concrete examples of data in each class. This can be a longer term effort, we don't need to sort out all the details today.
Today: Axel Dörrer to do a first draft as a base for further discussions |
Status on pentesting works within Network traffic control group | Due to some absences on different reasons the group stalled. Axel will try to reactivate the group. | ||
Okapi Debian Package - FOLIO-3896Getting issue details... STATUS |
|