Attendance: 10 members
Agenda:
- Introduction & welcome to new members
- Community Update
- Security practices
- Communicating the roadmap
- Q&A
Notes:
- Community Update
- We will formally announce our contribution to Hyperledger on the 28th of November
- Our meetup will be on the 5th of December 2023 at 7am Pacific time
- Security practices
- We need to ensure proper checks and balances around the CI pipeline
- Ensure we can accept contributions with a low barrier to entry
- Ensure our automation tools are protected from abuse (run the pipeline only when a maintainer comments/or reviewed, limit what the pipeline can do)
- Have a process and take advantage of the tools we already have linked in - for example static code analysis for code quality
- Have a template for TARA or at time of feature definition (Does this feature touch crypto or allow arbitrary code to be run)
- Maintainers as a point of contact to be security aware
- Think through publications of security issues from external audit - external code review findings for example (responsible disclosure)
- Ensure we have a security policy with contact details in the repo
- Be part of and publish findings on the security of the protocols we implement and support
- It should be hard to build insecure solutions that create harm for the people using or subjected to them
- ACTION: we will draft a security policy. We will also update the contribution guidelines to include a security checklist
- Communicating the roadmap
- The open enterprise agent will be part of a wider set of components
- We briefly touched on where we should communicate the roadmap
- We also touched on what should be included in the roadmap going forward
...