2022 Q3 Hyperledger Ursa
Project Health
The project health continues to be shaky, albeit with a few signs that could improve the outlook. On the negative front, no new maintainers or contributors have been add this quarter and Camilo Parra has officially stepped away from the project because his job no longer involves Hyperledger projects. Work continues on the security vulnerability mentioned in the last report. The vulnerability remains confidential and has not been publicly released as a github CVE.
On a more positive note, a code review and assessment of Ursa was completed this past quarter and published by the Digital Identity Lab of Canada (IDLab). While there were some issues identified, they were relatively minor – a positive result. The full report is available here. Thanks to the IDLab and the contributors in the creation of the report, several Canadian public sector entities and Interac (Canada’s interbank network).
An expected outcome from the (very) recent approval of the Hyperledger AnonCreds project is an increase in focus on and (hopefully) activity in Ursa. The purpose of the AnonCreds project is to expand the awareness of AnonCreds, its capabilities and applicability beyond Indy. With that awareness, we expect an increase in use of the verifiable credential format and as such, the underlying open source code, including the code within Ursa.
As noted in the previous report, we hope to continue our recruitment of new maintainers and contributors to further along operation Oso (code refactoring).
At the Ursa meetings, conversation is focused on a roadmap for the projects.
Required Information
- Have you switched from master to main in all your repos? Yes
- Have you implemented the Common Repository Structure in all your repos? Yes
- Has your project implemented these inclusive language changes listed below to your repo? No
- Have you added an Inclusive Language Statement to your project's documentation and/or Wiki pages? No
Questions/Issues for the TSC
There are no issues at this time.
Releases
No releases have been made this quarter but we hope to get some out soon for URSA-base after the pull request is reviewed and merged. Again this is a lower priority than the current security vulnerability.
Overall Activity in the Past Quarter
There was very little activity this past quarter as this Ursa Activity Dashboard shows.
Current Plans
As it was mentioned before we hope to have the high risk vulnerability fixed and released. All the planning and coordination for these efforts have been completed. The next task is to finish and review the code and that should be done in the next few months. After this is completed the next step is to finish another section of the Ursa refactoring. This will probably be the ursa-signatures part of the refactoring. This will greatly help out Indy and others who depend heavily on Ursa for it's cryptographic key tools.
Maintainer Diversity
- Mike Lodder (Independent)
- Brent Zundel (Evernym Inc.)
- Dan Anderson (Intel)
- Dan Middleton (Intel)
Contributor Diversity
Additional Information
Reviewed By
- Angelo de Caro
- Arnaud J LE HORS
- artem
- Arun S M
- Bobbi Muscara
- Danno Ferrin
- David Enyeart
- Grace Hartley (Deactivated)
- Jim Zhang
- kamlesh nagware
- Nathan George
- Peter Somogyvari
- Tracy Kuhrt
- Troy Ronda