Minutes 2024-08-01
- Meeting details
- Welcome
- Attendees, absents & regrets
- Approve previous meeting minutes
- Quick summary of current work
- TLS/HTTPS in core
- German Sovereign Tech fund is open for applications
- Ongoing vulnerabilities
- Secure by Default
- Eclipse ORC WG
- CycloneDX 1.7 Sustainability fields
- CPAN Meta Requirements and PURLs
- POSIX::2008 vulnerabilities
- SBOM/Supply Chain
- CNA Update
- Upcoming events and deadlines
- Operating changes
- Elect next meeting chair and secretary
- Next meeting date, time and location
- 18:00 UTC – Meeting end
- 18:30 UTC – End
Meeting details
- August 1st, 2024 17:00 UTC on #cpansec-discussion on Matrix
Welcome
- Meeting chair: @sjn
- Meeting secretary: @tux
Attendees, absents & regrets
- Attendees
- @sjn
- @stigtsp
- @tux
- Regrets
- @timlegge
- @petek
- @leont
- Partly Absent
- @garu
- @timlegge
@stigtsp and @tux returned from vacation, so nothing new to add
Approve previous meeting minutes
- Previous meeting minutes were approved by @sjn
Quick summary of current work
- We skipped this section and we will discuss it next meeting, hoping @tux would have found time to organize stuff™
TLS/HTTPS in core
- Skipped due to @leont and @BooK not being present
German Sovereign Tech fund is open for applications
- Stalled: work is registered in a spreadsheet
Ongoing vulnerabilities
- POSIX-2008 is work-in-progress
- cpanminus: ongoing, still not using HTTPS by default (nothing has happened yet). @stigtsp has thoughts about it, but correctness and diplomacy are the most important parts
Secure by Default
- Touches the cpanminus issues: look at CPAN modules (including the CPAN clients), https & certificates are step 1
- @stigtsp will try to make a list of things to do
Eclipse ORC WG
- @sjn is following this (slow) process on behalf of CPANSec. The group is trying to come up with suggestions. The web meets are very informative and useful. Stuart was asked to join on behalf of TPRF
CycloneDX 1.7 Sustainability fields
- Steve Springett was contacted. Meetings planned in a two-week cycle. This will have influence on CPAN metadata and administrators. Expect more soon!
CPAN Meta Requirements and PURLs
- Writing in progress
POSIX::2008 vulnerabilities
- See above
SBOM/Supply Chain
- Work In Progress™ - simplification and feedback urgently needed
- Tooling is for now just thoughts
- The level of user-docs and -tools is to be separated into understandable pieces
- An in-person meet will be investigated
CNA Update
- @timlegge: no progress
- @timlegge: Still need to reach out to Stuart regarding what exactly the CNA would need to be successful
Upcoming events and deadlines
Outreach is important and needs to continue
- PostgreSQL Lowlands 2024 NL - Fri 13 Sep 2024
- Open Source Summit Europe in Vienna, Austria - September 16-18 + 19-20 - Lots of people from OpenSSF + SBOM + Supply chain security communities
- All Systems Go - Sept. 25-26th, Berlin
- London Perl Workshop - Saturday 26th October 2024 - possible talk opportunities
Operating changes
- Quick summary on ongoing work - give more insight
Elect next meeting chair and secretary
- Chair: #TBD
- Secretary: #TBD
Next meeting date, time and location
- Next meeting is 15-08-2024 (15th Aug) @ 16:00 UTC (if peterk can attend, 17:00 UTC if not) in #cpansec-discussion on Matrix