2020-05-01 - System Operations and Management SIG Agenda & Notes

Date

Attendees

Goals

  • Learn about Security Audit (which has been discussed in the TC) and recent developments in Release Management.

Discussion items

TimeItemWhoNotes
5WelcomeIngolf
  • Welcome; Find a Note Taker
25Security AuditStephen Pampell

Update on Security Audit + discussion

Recap: selected NCC to do security audit of Edelweiss release. Audit conducted in February. Probed primarily Okapi and Authentication. Several issues found, but nothing critical or demanding instant attention. 

JIRA:  FOLIO-2524 - Getting issue details... STATUS  (Umbrella issue)

Running notes: FOLIO Weekly Updates -- Q2 2020

A number of issues are targeted for Goldenrod release.

Security team is being pulled together as subgroup of TC, will begin meeting May 8, a week from today. Main function is to triage any incoming security issues, determine severity and work with rest of community to take action as appropriate.

25Release ManagementMike Gorell

Update on Release Management + discussion

Sides: Tech Council -- Recommendation for Release Numbering 

Basic idea: There will be a LTS (long-term support release) train and a quarterly release train. At the beginning of the LTS, these are the same. Quarterly train continues on quarterly cadence. P1 (Priority 1) functional issues will trigger maintenance releases, first to be fixed in quarterly release and then maintenance release for LTS. P2 and lower functional issues will be fixed in quarterly releases, not trigger a maintenance releases. LTS will not get new functionality during its lifetime.

For security issues, P1 and P2 will trigger maintenance release for current LTS, P1 will also be back-ported to previous LTS only.

SysOps comfortable with the functional and security maintenance release concepts.

Some suggestions about numbering conventions, captured in slides.

5Topics for next meeting
Hotfix release

Fröhlichen 1. Mai !
Happy holiday!

Action items

  •