/
2023 - 11 - 14

2023 - 11 - 14

Owned by fayyaadh adams
Last updated: Dec 12, 2023

Attendance: 10 members


Agenda:

  • Introduction & welcome to new members
  • Community Update
  • Security practices
  • Communicating the roadmap
  • Q&A


Notes:

  • Community Update
    • We will formally announce our contribution to Hyperledger on the 28th of November
    • Our meetup will be on the 5th of December 2023 at 7am Pacific time
  • Security practices
    • We need to ensure proper checks and balances around the CI pipeline
    • Ensure we can accept contributions with a low barrier to entry
    • Ensure our automation tools are protected from abuse (run the pipeline only when a maintainer comments/or reviewed, limit what the pipeline can do)
    • Have a process and take advantage of the tools we already have linked in - for example static code analysis for code quality
    • Have a template for TARA or at time of feature definition (Does this feature touch crypto or allow arbitrary code to be run)
    • Maintainers as a point of contact to be security aware
    • Think through publications of security issues from external audit - external code review findings for example (responsible disclosure)
    • Ensure we have a security policy with contact details in the repo
    • Be part of and publish findings on the security of the protocols we implement and support
    • It should be hard to build insecure solutions that create harm for the people using or subjected to them
    • ACTION: we will draft a security policy. We will also update the contribution guidelines to include a security checklist 
  • Communicating the roadmap
    • The open enterprise agent will be part of a wider set of components
    • We briefly touched on where we should communicate the roadmap
    • We also touched on what should be included in the roadmap going forward