"The Koha community has the following procedure posted: https://koha-community.org/security/. Essentially, they define a Security Team of release managers/maintainers and other folks known in the community (many of whom have assumed those roles in previous releases). Issues are filed into a separate project, presumably with tighter access controls. Once the fixes are made, they're backported into all supported releases, and the community is notified to install the latest updates to their current version."
???
Security Issues - Releasing fixes
All
There were a bunch of security issues created last week, w/ varied priority.
When will these be released?
Part of Q3.2?
Wait until Q4?
Possibly a Q3.3 security release?
Update on DEBT-6
All
Performance and Longevity Testing update. From last meeting:
How can we break this problem up?
Environment - Core Platform
Defining the test scenarios (which tests, how many of each, what data is needed, how big a dataset, etc.) ← Likely community product owner-type
Building the tests themselves - Core Functional ( ? )... some teams have created sets of Jmeter tests - these may be useful too. Would be helpful to leverage all teams to build these tests
Collect and/or create data to be used - Mike and Tod to query Sys-Ops, potentially need to augment and/or curate additional data. Harry K might have a standard set of users
Identifying which tools can be used to profile the application so that we can assess the results