2020-05-01 - System Operations and Management SIG Agenda & Notes

5

Welcome

Ingolf

• Welcome; Find a Note Taker

25

Security Audit

Stephen Pampell

Update on Security Audit + discussion

Recap: selected NCC to do security audit of Edelweiss release. Audit conducted in February. Probed primarily Okapi and Authentication. Several issues found, but nothing critical or demanding instant attention. 

JIRA: FOLIO-2524: Security Audit raised issuesOpenPreview (Umbrella issue)

Running notes: FOLIO Weekly Updates -- Q2 2020

A number of issues are targeted for Goldenrod release.

Security team is being pulled together as subgroup of TC, will begin meeting May 8, a week from today. Main function is to triage any incoming security issues, determine severity and work with rest of community to take action as appropriate.

25

Release Management

Mike Gorell

Update on Release Management + discussion

Sides: Tech Council -- Recommendation for Release Numbering 

Basic idea: There will be a LTS (long-term support release) train and a quarterly release train. At the beginning of the LTS, these are the same. Quarterly train continues on quarterly cadence. P1 (Priority 1) functional issues will trigger maintenance releases, first to be fixed in quarterly release and then maintenance release for LTS. P2 and lower functional issues will be fixed in quarterly releases, not trigger a maintenance releases. LTS will not get new functionality during its lifetime.

For security issues, P1 and P2 will trigger maintenance release for current LTS, P1 will also be back-ported to previous LTS only.

SysOps comfortable with the functional and security maintenance release concepts.

Some suggestions about numbering conventions, captured in slides.

5

Topics for next meeting

Hotfix release

Fröhlichen 1. Mai !

Happy holiday!