Minutes 2024-01-20

Meeting was on Saturday January 20th 2024, at 12:00 UTC.

Attendees & regrets

  • Attendees
    • @sjn, @oalders, @stigtsp, @ingy, @timlegge
  • Absent
    • @petek, @ingy
  • Regrets
    • @karjala, @jjatria

Quick summary of current work

  • @sjn; Charter to be simplified
  • @sjn; PackageURL ready to move forward to spec
  • @stigtsp; Transparency logs work ongoing
  • @stigtsp; Vulnerability index work ongoing. Separate conversation with @garu wanted
  • @sjn; CPAN year of Secure by Default: Text in progress
  • @stigtsp; Other work: Securing Mojolicious
  • @stigtsp; Other work: Looking for insecure dependencies on CPAN, with CVEs

Ongoing vulnerabilities

  • @tux: CVE-2023-7101: Thank you to the new maintainer of Spreadsheet::ParseExcel
  • @timlegge: CVE-2024-22368 & CVE-2024-23525 - Spreadsheet::ParseXLSX now has a permanent new maintainer.
  • @timlegge: Timeline blogpost upcoming; we’ll post on security.metacpan.org

Operating changes

  • @sjn; PR minutes; Voted yes, unanimously
  • @sjn; Try meeting in 3 weeks as a test. Voted yes, unanimously
  • @sjn; Meeting participation needs signed pre-release disclosure agreement; Voted no – embargoed info not to be discussed in these meetings.
  • @ingy; Move meetings to Saturdays 15:00 UTC; Voted yes, unanimously

Upcoming events and deadlines

  • FOSDEM; @sjn got suggestion of someone to speak with regarding SBOM/CPAN/Other ecosystems
  • PTS, TBD
  • Sovereign Tech Fund deadline, TBD

Next meeting date, time, organizer & deputy

  • Saturday Feb 10th, 15:00 UTC; meeting chair @oalders, secretary @sjn