Project Health

The project health is currently shaky. The reason for this being that we have decreased our recruitment efforts that we mentioned in the last report and have not gained any new maintainers or contributors. We have done this on purpose since we are currently handling a major security vulnerability and can't discuss it with larger groups and have used the time of the core maintainers to take care of this issue. We will not discuss the vulnerability in this report as it is currently confidential and has not been publicly released as a github CVE. After these efforts are merged we hope to continue our recruitment of new maintainers and contributors to further along operation Oso (code refactoring).

Required Information

  1. Have you switched from master to main in all your repos? Yes
  2. Have you implemented the Common Repository Structure in all your repos? Yes
  3. Has your project implemented these inclusive language changes listed below to your repo? No
  4. Have you added an Inclusive Language Statement to your project's documentation and/or Wiki pages? No

Questions/Issues for the TSC

There are no issues at this time.


No releases have been made this quarter but we hope to get some out soon for URSA-base after the pull request is reviewed and merged. Again this is a lower priority than the current security vulnerability.

Overall Activity in the Past Quarter

We have made significant changes to the Anoncreds documents. This adds a new revision and accounts for parts that were not accounted in the original paper. There also is a pull request for the first step in our refactoring efforts that creates all the base code and helper functions to create the rest of URSA. We hope to have this reviewed and merged soon.

Current Plans

As it was mentioned before we hope to have the high risk vulnerability fixed and released. All the planning and coordination for these efforts have been completed. The next task is to finish and review the code and that should be done in the next few months. After this is completed the next step is to finish another section of the Ursa refactoring. This will probably be the ursa-signatures part of the refactoring. This will greatly help out Indy and others who depend heavily on URSA for it's cryptographic key tools.

Maintainer Diversity

  • Mike Lodder (Independent)
  • Brent Zundel (Evernym Inc.)
  • Dan Anderson (Intel)
  • Cam Parra (Kiva)
  • Dan Middleton (Intel)

Contributor Diversity,%22type%22:%22datemath%22,%22to%22:%22now%22%7D.  

Additional Information

Reviewed By

Submission date

$action.dateFormatter.formatGivenString("dd-MMM-yyyy", $content.getCreationDate())


    1. Has your project implemented these inclusive language changes listed below to your repo? No
    2. Have you added anInclusive Language Statementto your project's documentation and/or Wiki pages? No

    Do you have plans for when these two items will be addressed?

  1. Cam Parra – When you are ready to restart recruitment efforts for Ursa, let us know and we're happy to help.  I think there is interest from people in the community around using and contributing to Ursa that we can tap into by doing more outreach and engagement. 

    For example, there have been a couple recent meetups about Digital Identity Laboratory's Ursa code review and almost 200 people registered for those – I think that's a good sign of interest.  In general we're also seeing really good interest in any workshop style events we've been running, so a how to use and how to contribute to Ursa workshop could be worth considering.