2023-01-04 Meeting notes

Raman Auramau

All

Reminder:  27th January is the Deadline for acceptance of new modules by Technical Council

New RFC to review from Olamide

• https://github.com/folio-org/rfcs/pull/4

Radhakrishnan Gopalakrishnan suggested that the first step would be for TC members to start commenting on the RFC Craig McNally will remind folks to start giving feedback

Today:

• limited feedback so far
• Please review and provide feedback before next Wednesday 11 Jan 2023 

All

Went through the subgroup list quickly, no many updates:

• Breaking changes - next week
• TC Charter Revisions - Jan 11
• ADR process improvements - a bunch of in-progress decisions
• Distr vs. Centr. Conf - some options are compiled; the question is if it's okay to discuss security issues / vulnerabilities in public space? - seems yes,
• Arch Review - nothing to report

Craig McNally 

As part of the review of the ADR process, it was recognized that the communication mechanisms for the TC could be outdated.

Craig McNally asked if folks are still using the discuss forums for communication? Marc Johnson advised that it has low traffic and that the Community Council has an active proposal for deprecating discuss and potentially replacing it (and some uses of Slack) with a variety of (new) mailing lists
Craig McNally noted that the TC mailing list had a request from a developer to join FOLIO. Ingolf Kuss agreed to contact the developer, because their skills with SQL might mean they are well suited for the reporting area
Craig McNally advised that discuss and the mailing list will be removed and slack will be added

Today:

• Quick update - the wiki page has been updated

Craig McNally The wiki page is updated with a Slack channel

Craig McNally 

• tri-council meeting:  12 Jan 2023 9:30 AM ET (Product Council is at https://zoom.us/j/867230970 (and then Tri-Council Meeting apparently also))
  • Topic:  "What is FOLIO?"
    • Try to reach agreement on terminology... Simeon and Kristin to provide strawman definitions
      • the FOLIO "platform" vs "product"
      • what is an "app"
      • etc.
    • Update on where various related efforts stand...
      • platform minimal
      • Julie Bickle's group/FOLIO builds
      • etc.
• Folio chairs meeting:  10 Jan 2023 
  • recurring every 2nd Tuesday of each month
• TC dedicated discussion:  09 Jan 2023 11:00 AM ET
  • Topic:  Tools/Dependencies Versions continued

Discussion of open questions on TCR-21 and the review process in general:

• Radhakrishnan Gopalakrishnan Security review - there's no issues flagged by Sonar, but maven plugin from OWASP flagged some issues in dependent libraries so should such review concerns about this fact? - Craig McNally We have not done it before for other reviews.
• Radhakrishnan Gopalakrishnan What are Apache-2.0 compatible licenses? Should we use some public list, or do we have something in FOLIO? It's only for this particular module but rather FOLIO wide. - Marc Johnson In fact, it seems one pays not much attention to this; Apache has some guidance, but it's pretty complicated. Craig McNally The same thing - skip for now and raise this as a separate issue
• Radhakrishnan Gopalakrishnan How to verify there's no sensitive information stored in source code? - Craig McNally No need to go line by line; maybe checks for some keywords (like pass, pwd etc?) or some rules in Sonar?
• Maccabee Levine Is there any criteria about namespaces or something, or about an influence of a module on other modules? - No. There was some discussion around this.

Craig McNally /All

From Craig McNally in #tech-council:

This was brought to my attention earlier today...
https://blog.nlnetlabs.nl/open-source-software-vs-the-cyber-resilience-act/
While it's still just a proposal, I think FOLIO should keep an eye on, and maybe even try to get ahead of in anticipation of this.  I will add it to the agenda for next week's meeting.  This is a short read that does a decent job of laying it all out.  Please take a look prior to next Wednesday.  Thanks! 

• Have folks had a chance to read through any of this?
• What, if anything do we think the TC should do about this?
  • Raise awareness among other councils?
  • Seek legal advice in anticipation of this being passed?
  • Is there anything else we want to do to be more prepared for this in the event it does get passed?

Today: Deferred

All / Ian Walls 

From last week:

• Ease of installing/deploying FOLIO - Ian Walls , Marc Johnson , Jeremy Huff
  •  Primary task the Tc would take on by making FOLIO easier to get up and running. Would also reduce AWS costs so that the money coming from Membership groups can be flowed to other aspects of FOLIO. Tc is the best equipped group to decide on how to make installing and deploying Folio easier and cheaper.
  • Craig McNally - Brainstorming open ended session with Ian Walls and then discuss further before or after WOLFcon depending on the brainstorming session. Ian Walls and Tod Olson to frame the topics of discussion for the brainstorming. 

Today:

• Probably defer, but keep on the agenda so we don't lose track of this...

All / Ian Walls 

Slack discussion:  Revisiting FOLIO Governance 

• • Ian Walls - should be best discussed in cross council meeting possibly at WOLFcon. Idea to was bring this up at a high community level not necessarily the Pc or TC. Doesn't need to be on TC agenda next week. Aspects to be discussed at WOLFcon.
  • See also:  messages to PC and CC council channels