2023-01-04 Meeting notes

Date

Attendees 

Discussion items

TimeItemWhoNotes

1 minScribeAll
10 minTCR Board Review

All

Reminder:  27th January is the Deadline for acceptance of new modules by Technical Council

5 minRFCsAll

New RFC to review from Olamide

Radhakrishnan Gopalakrishnan suggested that the first step would be for TC members to start commenting on the RFC Craig McNally will remind folks to start giving feedback


Today:

  • limited feedback so far
  • Please review and provide feedback before next Wednesday  
10-15 min

Technical Council Sub Groups Updates

All

Went through the subgroup list quickly, no many updates:

  • Breaking changes - next week
  • TC Charter Revisions - Jan 11
  • ADR process improvements - a bunch of in-progress decisions
  • Distr vs. Centr. Conf - some options are compiled; the question is if it's okay to discuss security issues / vulnerabilities in public space? - seems yes,
  • Arch Review - nothing to report
1 minTC Communication Channels

As part of the review of the ADR process, it was recognized that the communication mechanisms for the TC could be outdated.

Craig McNally asked if folks are still using the discuss forums for communication? Marc Johnson advised that it has low traffic and that the Community Council has an active proposal for deprecating discuss and potentially replacing it (and some uses of Slack) with a variety of (new) mailing lists
Craig McNally noted that the TC mailing list had a request from a developer to join FOLIO. Ingolf Kuss agreed to contact the developer, because their skills with SQL might mean they are well suited for the reporting area
Craig McNally advised that discuss and the mailing list will be removed and slack will be added


Today:

  • Quick update - the wiki page has been updated

Craig McNally The wiki page is updated with a Slack channel

5 minUpcoming meetings
  • tri-council meeting:   9:30 AM ET (Product Council is at https://zoom.us/j/867230970 (and then Tri-Council Meeting apparently also))
    • Topic:  "What is FOLIO?"
      • Try to reach agreement on terminology... Simeon and Kristin to provide strawman definitions
        • the FOLIO "platform" vs "product"
        • what is an "app"
        • etc.
      • Update on where various related efforts stand...
        • platform minimal
        • Julie Bickle's group/FOLIO builds
        • etc.
  • Folio chairs meeting:   
    • recurring every 2nd Tuesday of each month
  • TC dedicated discussion:   11:00 AM ET
    • Topic:  Tools/Dependencies Versions continued
25 min

https://folio-org.atlassian.net/browse/TCR-21

All

Discussion of open questions on TCR-21 and the review process in general:

  • Radhakrishnan Gopalakrishnan Security review - there's no issues flagged by Sonar, but maven plugin from OWASP flagged some issues in dependent libraries so should such review concerns about this fact? - Craig McNally We have not done it before for other reviews.
  • Radhakrishnan Gopalakrishnan What are Apache-2.0 compatible licenses? Should we use some public list, or do we have something in FOLIO? It's only for this particular module but rather FOLIO wide. - Marc Johnson In fact, it seems one pays not much attention to this; Apache has some guidance, but it's pretty complicated. Craig McNally The same thing - skip for now and raise this as a separate issue
  • Radhakrishnan Gopalakrishnan How to verify there's no sensitive information stored in source code? - Craig McNally No need to go line by line; maybe checks for some keywords (like pass, pwd etc?) or some rules in Sonar?
  • Maccabee Levine Is there any criteria about namespaces or something, or about an influence of a module on other modules? - No. There was some discussion around this.

Topic Backlog

20 min

WOLFcon Hot TopicsAll

An overview was provided of the "hot topics" at WOLFcon.  It seems clear that the TC ought to be involved in these discussions/efforts;  what is the best way to participate?

  • Platform minimal
  • Applications/bounded contexts & application management
  • Blue/green deployments
  • Kafka/messaging improvements
  • FOLIO governance
  • API technical debt
  • ???

Notes: Deferred


Cyber Resilience Act

From Craig McNally in #tech-council:

This was brought to my attention earlier today...
https://blog.nlnetlabs.nl/open-source-software-vs-the-cyber-resilience-act/
While it's still just a proposal, I think FOLIO should keep an eye on, and maybe even try to get ahead of in anticipation of this.  I will add it to the agenda for next week's meeting.  This is a short read that does a decent job of laying it all out.  Please take a look prior to next Wednesday.  Thanks! 

  • Have folks had a chance to read through any of this?
  • What, if anything do we think the TC should do about this?
    • Raise awareness among other councils?
    • Seek legal advice in anticipation of this being passed?
    • Is there anything else we want to do to be more prepared for this in the event it does get passed?

Today: Deferred


Ease of Installing FOLIO

All / Ian Walls 

From last week:

  • Ease of installing/deploying FOLIO - Ian Walls , Marc Johnson , Jeremy Huff
    •  Primary task the Tc would take on by making FOLIO easier to get up and running. Would also reduce AWS costs so that the money coming from Membership groups can be flowed to other aspects of FOLIO. Tc is the best equipped group to decide on how to make installing and deploying Folio easier and cheaper.
    • Craig McNally - Brainstorming open ended session with Ian Walls and then discuss further before or after WOLFcon depending on the brainstorming session. Ian Walls and Tod Olson to frame the topics of discussion for the brainstorming. 

Today:

  • Probably defer, but keep on the agenda so we don't lose track of this...

Revisiting FOLIO Governance

All / Ian Walls 

Slack discussion:  Revisiting FOLIO Governance 

    • Ian Walls - should be best discussed in cross council meeting possibly at WOLFcon. Idea to was bring this up at a high community level not necessarily the Pc or TC. Doesn't need to be on TC agenda next week. Aspects to be discussed at WOLFcon.
    • See also:  messages to PC and CC council channels




Action Items

  •