NOTE: This report is in draft and is not complete. TOC members should wait until the "Draft" tag is removed before reviewing the report. Thanks.
Project Health
The project health is currently shaky. The reason for this being that we have decreased our recruitment efforts that we mentioned in the last report and have not gained any continues to be shaky, albeit with a few signs that could improve the outlook. On the negative front, no new maintainers or contributors . We have done this on purpose since we are currently handling a major security vulnerability and can't discuss it with larger groups and have used the time of the core maintainers to take care of this issue. We will not discuss the vulnerability in this report as it is currently been add this quarter and Camilo Parra has officially stepped away from the project because his job no longer involves Hyperledger projects. Work continues on the security vulnerability mentioned in the last report. The vulnerability remains confidential and has not been publicly released as a github CVE. After these efforts are merged
On a more positive note, a code review and assessment of Ursa was completed this past quarter and published by the Digital Identity Lab of Canada (IDLab). While there were some issues identified, they were relatively minor – a positive result. The full report is available here. Thanks to the IDLab and the contributors in the creation of the report, several Canadian public sector entities and Interac (Canada’s interbank network).
An expected outcome from the (very) recent approval of the Hyperledger AnonCreds project is an increase in focus on and (hopefully) activity in Ursa. The purpose of the AnonCreds project is to expand the awareness of AnonCreds, its capabilities and applicability beyond Indy. With that awareness, we expect an increase in use of the verifiable credential format and as such, the underlying open source code, including the code within Ursa.
As noted in the previous report, we hope to continue our recruitment of new maintainers and contributors to further along operation Oso (code refactoring).
Required Information
- Have you switched from master to main in all your repos? Yes
- Have you implemented the Common Repository Structure in all your repos? Yes
- Has your project implemented these inclusive language changes listed below to your repo? No
- Have you added an Inclusive Language Statement to your project's documentation and/or Wiki pages? No
...
Overall Activity in the Past Quarter
We have made significant changes to the Anoncreds documents. This adds a new revision and accounts for parts that were not accounted in the original paper. There also is a pull request for the first step in our refactoring efforts that creates all the base code and helper functions to create the rest of URSA. We hope to have this reviewed and merged soon.There was very little activity this past quarter as this Ursa Activity Dashboard shows.
Current Plans
As it was mentioned before we hope to have the high risk vulnerability fixed and released. All the planning and coordination for these efforts have been completed. The next task is to finish and review the code and that should be done in the next few months. After this is completed the next step is to finish another section of the Ursa refactoring. This will probably be the ursa-signatures part of the refactoring. This will greatly help out Indy and others who depend heavily on URSA for it's cryptographic key tools.
...
- Mike Lodder (Independent)
- Brent Zundel (Evernym Inc.)
- Dan Anderson (Intel)Cam Parra (Kiva)
- Dan Middleton (Intel)
Contributor Diversity
...