2022-01-20 Besu Contributor Call

(Meeting Link: ⁨https://zoom.us/j/97540031823?pwd=dEJrRW1LakFlWnZPelI3VGxoVjg2dz09)

EMEA/AMER Friendly Time -  1500 UTC (https://www.timeanddate.com/worldclock/converter.html?iso=20201012T150000&p1=224&p2=179&p3=1440&p4=195&p5=47)

• 8 AM Thursday San Francisco

• 11 AM Thursday New York

• 3 PM Thursday UTC

• 5 PM Thursday Paris/Berlin

• 1 AM Wednesday Brisbane

Agenda

•  Housekeeping

  • Antitrust notice - https://www.linuxfoundation.org/antitrust-policy/

  • This meeting is being recorded

  • Please Mute unless speaking

  • If you have a question use the raise hand feature

• General Announcements

  • Incentive Program Update

• Metrics Review - https://insights.lfx.linuxfoundation.org/projects/hyperledger%2Fbesu/dashboard;quicktime=time_filter_3Y

• Roadmap Review - Besu Roadmap & Planning

• Release updates

  • 21.10.7 - dependency updates to address vulnerabilities

  • 21.10.8 - includes Mystique ETC hardfork

  • 21.10.9 - with fix for cors origin - related to vert.x upgrade - will be done by the time of this meeting - @Justin Florentine

  • Tracking who is doing each release Release Rotations 2022

  • Team is working toward several Release Process Improvements here

• Work Updates

  • trace APIs - ongoing

• Other Business 

  • Proposed change to emeritus guidelines - merged https://github.com/hyperledger/besu/pull/3233

  • Hyperledger Chat Task Force is close to finalizing a proposal

• Open Forum

  • Besu has no automation around vulnerability scanning. @Sally MacFarlane is looking at options for this. Ideas and feedback welcome.

    • (21.10.7 was created because of vulnerabilities raised by a user of Besu. Users are being more diligent about this since log4j issues.)

    • one proposed solution: nightly scan of docker image with trivy https://github.com/hyperledger/besu/pull/3295

• Future Topics

View recording: