2017 05 11 TSC Meeting

Hyperledger Project

Technical Steering Committee (TSC) Meeting

dummyfile.txt

May 11, 2017 (7:00am - 8:00am PT) via GoToMeeting

TSC Members

Arnaud Le Hors

Yes

Binh Nguyen

Yes

Christopher Ferris

Yes

Dan Middleton

Yes

Greg Haskins


Hart Montgomery

Yes

Mic Bowman

Yes

Murali Krishna Katipalli

Yes

Richard Brown

Yes

Sheehan Anderson

Yes

Tamas Blummer

Yes


Resources:


Beijing Hackfest

  • Focusing entirely on Hackfest (will not hold a Hackathon during weekend prior)
  • Space for up to 200 participants at Hackfest on June 19-20
  • In addition to typical Hackfest activities, let’s also focus on bringing in new devs and getting them up to speed on how to be contributors to the different projects
  • Strongly encourage our global technical community to travel for this event


Cello Community

  • Brian:  Happy to see the Hyperledger Community have a frank discussion, positive contributions, and manage to resolution.  One of the challenges in open source is the concern that the “real” conversation is happenign somewhere else -- anything we can do to migitate that is a good thing.
  • Formal discussions need to happen in formal channels.  Unofficial channels should only be used sparingly and should still be open and accessible.  Encourage everyone to use the official channels in place.
  • It is ok to observe what is happening in open source communities, do not need to be actively contributing to be allowed to observe.
  • CF:  TSC has deferred project governance to the projects themselves.  But, having a periodic review of openness, diversity, communication, etc. would be a good thing.
  • Brian:  Should develop some documentation and basic guidelines around what we want to standardize around developer culture, how to move from contirbutor to code reviewier or maintainer, etc.


Iroha (Makoto Takemiya)

  • Intent to seek approval to graduate to active status (proposal pending)
  • Progress on core system, Community has also grown a lot (50% of contributors are non-Soramitsu)
  • Suggestion was made to stop using Telegram for communication and encourage the Iroha Community over to the official channel on rocket.chat.


CII Badge Certification Requirements and Secruity Bug Process discussion

  • Dave Huseby provided and overview of the Hyperledger Security Bug Proposal Draft
  • Q:  Why keep security bugs private?
    • Dave:  It takes time to figure out correct solution and also allows a response team to go out to existing installs to provide them a way to patch before it is known publicly.  Once a vuln is disclosed, hacking tools will start scanning to exploit unpatched installs.
  • Consider CII Badge requirement to advance a project from incubation to active?
  • Q:  What about is a project is not related to security?
    • There can be security holes in any software.
  • Q:  Is the CII Badge enough?  Does it provide a false sense of complacency related to security?
    • Dave:  CII badge is more focused on doing the right things in OSS.  Under that umbrella, there are some security pieces that we will supplement a more robust process.
  • Dave will update proposal based on this and other discussion, then bring to a vote next week.