2023-01-04 Meeting notes

1 min

Scribe

All

@Raman Auramau

10 min

TCR Board Review

All

Reminder:  27th January is the Deadline for acceptance of new modules by Technical Council

• https://folio-org.atlassian.net/browse/TCR-9 - no updates from the subgroup; maybe next week

• https://folio-org.atlassian.net/browse/TCR-21 (In Review - @Vijay Gopalakrishnan ) The teams uses some outdated template and looks to be not aware about the newer version; no RP ready yet

• https://folio-org.atlassian.net/browse/TCR-22 (Draft) - this is still in Draft status, @Craig McNally will remind Mikita S.

• https://folio-org.atlassian.net/browse/TCR-23 (Draft)  (to be cancelled) - it'll be canceled once the review workflow in Jira is updated

• https://folio-org.atlassian.net/browse/TCR-24 (Submitted) - mod-settings is a spin-off of mod-configuration; need to find a person for back-end code review; the timeline is ~3 weeks (till Jan 27) @Ingolf Kuss and @Jeremy Huff volunteered

5 min

RFCs

All

New RFC to review from Olamide

• https://github.com/folio-org/rfcs/pull/4

@Vijay Gopalakrishnan suggested that the first step would be for TC members to start commenting on the RFC @Craig McNally will remind folks to start giving feedback

Today:

• limited feedback so far

• Please review and provide feedback before next Wednesday Jan 11, 2023 

10-15 min

Technical Council Sub Groups Updates

All

Went through the subgroup list quickly, no many updates:

• Breaking changes - next week

• TC Charter Revisions - Jan 11

• ADR process improvements - a bunch of in-progress decisions

• Distr vs. Centr. Conf - some options are compiled; the question is if it's okay to discuss security issues / vulnerabilities in public space? - seems yes,

• Arch Review - nothing to report

1 min

TC Communication Channels

@Craig McNally 

As part of the review of the ADR process, it was recognized that the communication mechanisms for the TC could be outdated.

@Craig McNally asked if folks are still using the discuss forums for communication? @Marc Johnson advised that it has low traffic and that the Community Council has an active proposal for deprecating discuss and potentially replacing it (and some uses of Slack) with a variety of (new) mailing lists
@Craig McNally noted that the TC mailing list had a request from a developer to join FOLIO. @Ingolf Kuss agreed to contact the developer, because their skills with SQL might mean they are well suited for the reporting area
@Craig McNally advised that discuss and the mailing list will be removed and slack will be added

Today:

• Quick update - the wiki page has been updated

@Craig McNally The wiki page is updated with a Slack channel

5 min

Upcoming meetings

@Craig McNally 

• tri-council meeting:  Jan 12, 2023 9:30 AM ET (Product Council is at https://zoom.us/j/867230970 (and then Tri-Council Meeting apparently also))

  • Topic:  "What is FOLIO?"

    • Try to reach agreement on terminology... Simeon and Kristin to provide strawman definitions

      • the FOLIO "platform" vs "product"

      • what is an "app"

      • etc.

    • Update on where various related efforts stand...

      • platform minimal

      • Julie Bickle's group/FOLIO builds

      • etc.

• Folio chairs meeting:  Jan 10, 2023 

  • recurring every 2nd Tuesday of each month

• TC dedicated discussion:  Jan 9, 2023 11:00 AM ET

  • Topic:  Tools/Dependencies Versions continued

25 min

https://folio-org.atlassian.net/browse/TCR-21

All

Discussion of open questions on TCR-21 and the review process in general:

• @Vijay Gopalakrishnan Security review - there's no issues flagged by Sonar, but maven plugin from OWASP flagged some issues in dependent libraries so should such review concerns about this fact? - @Craig McNally We have not done it before for other reviews.

• @Vijay Gopalakrishnan What are Apache-2.0 compatible licenses? Should we use some public list, or do we have something in FOLIO? It's only for this particular module but rather FOLIO wide. - @Marc Johnson In fact, it seems one pays not much attention to this; Apache has some guidance, but it's pretty complicated. @Craig McNally The same thing - skip for now and raise this as a separate issue

• @Vijay Gopalakrishnan How to verify there's no sensitive information stored in source code? - @Craig McNally No need to go line by line; maybe checks for some keywords (like pass, pwd etc?) or some rules in Sonar?

• @Maccabee Levine Is there any criteria about namespaces or something, or about an influence of a module on other modules? - No. There was some discussion around this.

20 min

WOLFcon Hot Topics

All

An overview was provided of the "hot topics" at WOLFcon.  It seems clear that the TC ought to be involved in these discussions/efforts;  what is the best way to participate?

• Platform minimal

• Applications/bounded contexts & application management

• Blue/green deployments

• Kafka/messaging improvements

• FOLIO governance

• API technical debt

• ???

Notes: Deferred

Cyber Resilience Act

@Craig McNally /All

From @Craig McNally in #tech-council:

This was brought to my attention earlier today...
https://blog.nlnetlabs.nl/open-source-software-vs-the-cyber-resilience-act/
While it's still just a proposal, I think FOLIO should keep an eye on, and maybe even try to get ahead of in anticipation of this.  I will add it to the agenda for next week's meeting.  This is a short read that does a decent job of laying it all out.  Please take a look prior to next Wednesday.  Thanks! 

• Have folks had a chance to read through any of this?

• What, if anything do we think the TC should do about this?

  • Raise awareness among other councils?

  • Seek legal advice in anticipation of this being passed?

  • Is there anything else we want to do to be more prepared for this in the event it does get passed?

Today: Deferred

Ease of Installing FOLIO

All / @Ian Walls 

From last week:

• Ease of installing/deploying FOLIO - @Ian Walls , @Marc Johnson , @Jeremy Huff

  •  Primary task the Tc would take on by making FOLIO easier to get up and running. Would also reduce AWS costs so that the money coming from Membership groups can be flowed to other aspects of FOLIO. Tc is the best equipped group to decide on how to make installing and deploying Folio easier and cheaper.

  • @Craig McNally - Brainstorming open ended session with @Ian Walls and then discuss further before or after WOLFcon depending on the brainstorming session. @Ian Walls and @Tod Olson to frame the topics of discussion for the brainstorming. 

Today:

• Probably defer, but keep on the agenda so we don't lose track of this...

Revisiting FOLIO Governance

All / @Ian Walls 

Slack discussion:  Revisiting FOLIO Governance