Merged
43 changes: 5 additions & 38 deletions meetings/README.md
Expand Up @@ -24,6 +24,9 @@ title: CPANSec meeting details & minutes

Meeting minutes [currently under review](https://github.com/CPAN-Security/security.metacpan.org/pulls?q=is%3Apr+is%3Aopen+label%3Aminutes) on Github (usually available some days after a meeting).

### 2026
* [2026-01-08](cpansec-minutes-2026-01-08.md)

### 2025
* [2025-01-08](cpansec-minutes-2025-01-08.md)
* [2025-01-22](cpansec-minutes-2025-01-22.md)
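Review bot: the new `### 2026` entry links to `cpansec-minutes-2026-01-08.md`, but the only minutes file added in this change is `cpansec-minutes-2025-12-11.md`, and those minutes still list the January 8, 2026 meeting as an open item. Unless that file already exists on the target branch, this is a dead link on the published page; consider leaving the 2026 section out here and adding it in the change that adds those minutes.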
Expand All @@ -38,6 +41,8 @@ Meeting minutes [currently under review](https://github.com/CPAN-Security/securi
* [2025-06-04](cpansec-minutes-2025-06-04.md)
* [2025-06-18](cpansec-minutes-2025-06-18.md)

* [2025-12-11](cpansec-minutes-2025-12-11.md)

### 2024
* [2024-01-06](cpansec-minutes-2024-01-06.md)
* [2024-01-20](cpansec-minutes-2024-01-20.md)
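Review bot: the `* [2025-12-11](cpansec-minutes-2025-12-11.md)` entry is separated from the preceding `* [2025-06-18]` entry by a blank line, unlike the other entries in the list, which follow each other directly. If the gap is meant to show that minutes between June and December are not listed, a short note would make that explicit; otherwise drop the blank line so the 2025 list stays one contiguous list.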
Expand Down Expand Up @@ -70,41 +75,3 @@ Meeting minutes [currently under review](https://github.com/CPAN-Security/securi
- Sub-items without checkboxes are summaries or notes to the previous item
- Items without checkboxes or @names are for information or finding volunteers
- [ ] Create tickets items are around for too long, or no-one volunteers

### Tasks
- [ ] @name - **Tasks that need to happen** after the meeting get an empty checkbox and the @name of the person leading the work (possibly with helpers);
- Relevant information can be added as sub-items
- [ ] @name - Tasks in sub-items are sub-tasks, and have a @name associated
- [ ] @name - **Tasks that weren't completed** until this meeting have their checkbox remain unfilled, so we remember to find out again during the next meeting if the task is done
- [x] @sjn - **Tasks that are completed** get their checkbox filled with an `X`
- [x] Tasks without a @name associated need to get a @name, so we don't leave tasks lying around unadressed
- If none volunteer, we create a ticket in the appropriate project; The checkbox is filled with an `X`, and therby scheduled for deletion (see below)
- Alternatively, note that voluteers are needed, and *leave the item checkbox empty*

### Topics
- [ ] @name - **Topics that need to be discussed** during the meeting get an empty checkbox and the @name of the person leading the discussion (possibly with others)
- Topics can have additional relevant information added as sub-items
- [ ] @name - **Topics that weren't discussed** during a meeting have their checkbox remain unfilled, so we remember to discuss them during the next meeting
- [x] @name - **Topics that have been discussed** get sub-items added with key points and decisions, and their checkbox filled with an `X`
- @name - Items without a checkbox are for information only. Keep it brief, and have key points added as sub-items. The @name shares the information
- Sub-items without a name or checkbox contain key points, or additional information to the previous points
- [ ] @name - Sub-items like these can have tasks and topics too, just as above
- [x] **Topics without a @name associated**, get a @name associated.
- If none volunteer, the topic isn't important enough; Make a ticket or not; Fill the checkbox with an `X`, so it is scheduled for deletion.
- Alternatively, leave the item checkbox empty, and note that volunteers are needed

### Events
- [ ] **Events in the future** have an empty checkbox
- Add the @names of who is likely to attend, so they may submit/prepare talks, coordinate, etc.
- [x] **Events in the past** get their checkbox filled with an `X`
- Add a few key learnings from attendees, if relevant!
- [x] **Events that nobody is likely to attend** get their checkbox filled with an `X`

### When creating the Minutes
- [x] When creating the minutes, utems with filled checkboxes remain as-is. Do NOT delete!
- [X] _This item is done, so record it in the minutes as-is_

### When creating the Agenda
- [x] When a NEW agenda is created from the previous meeting minutes, items with filled checkboxes are deleted: they aren't relevant any more!
- [X] _~~This item is done, so we delete ut when preparing the next meeting agenda~~_
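Review bot: the 38 removed lines are the whole of the Tasks, Topics, Events, "When creating the Minutes" and "When creating the Agenda" guidance, and nothing in the visible change says where that guidance now lives or why it goes away in a change that otherwise only adds minutes. If the removal is intended, link to the new location from the README or move it to its own change with a commit message explaining it; if not, restore the sections. The surviving context line `- [ ] Create tickets items are around for too long, or no-one volunteers` also appears to be missing a word ("if") and could be fixed while this part of the file is being touched.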

42 changes: 42 additions & 0 deletions meetings/cpansec-minutes-2025-12-11.md
@@ -0,0 +1,42 @@
# CPANSec bi-weekly meeting 2025-12-11

- 2025-12-11 @ 16:00 UTC.
- Meeting intended on Element Call (native video chat in Element client), but due technical issues among some of the attendees, we moved to Google Meet.

## Attending

- @jjatria, @sjn, @stigtsp, @thibaultduponchelle, @timlegge, Michael

## Minutes

- [x] Introductions
- Michael (north-of-nowhere, mjmc) introduced himself, and was welcomed!
- [x] @timlegge - year end wrap up for the CNA
- @timlegge - @thibaultduponchelle wrote one last year, let's do it again
- @timlegge - CVE focused
- @sjn - other topics too?
- @timlegge - yes. Unsupported modules & coordination issues (w/@stigtsp)
- @sjn - CRA; CONTRIBUTING.yml; etc.
- @thibaultduponchelle - SBOM progress; CPAN module patching; Policy templates;
- @stigtsp - Details on CVEs; PackageURLs
- Aim to be ready medio January 2026 (good for PTS sponsoring)
- [ ] @timlegge - organizes
- [x] @sjn - FOSDEM
- @sjn - I'll be there, bringing stickers, helping organizing the Perl/Raku community booth.
- @sjn - orgas may be renting screen for micro talks
- [ ] @sjn - if this happens, @sjn gives one about cpansec
- [x] @stigtsp - brief mention of showstoppers for PackageURL adoption in CVE and nixpkgs
- @stigtsp - The current purl spec requires an author, but not a version. CVE spec requires at most one purl per vulnerability, which means CPAN purls don't match well since they atm. require an author.
- @jjatria - this seems solvable, let's put together a meeting where we solve it.
- @stigtsp - yes, let's also define the problem space
- [ ] @jjatria - organizes a meeting where we discuss this
- @jjatria - let's try for a deadline at ultimo January
- @stigtsp - we need to get this done ASAP
- [x] @stigsp - PTS?
- @thibaultduponchelle - Second round of invites done; Venue search ongoing; we're invited!
- [x] AOB
- @stigtsp - Happy holidays!

## Next meeting

- [ ] @sjn - next meeting in 4 weeks exactly, January 8, 2026 @ 16:00 UTC ([iCal](https://calendar.google.com/calendar/event?action=TEMPLATE&tmeid=Y2dncTltMG5ocWRqdWV0ZXY1YzlqNm1tZW5fMjAyNjAxMDhUMTYwMDAwWiA2OTE1ODRlM2RiN2QwYTg3N2I0MzQ4MmZjOTk2ZWFhZTk5ODRjZjhiYTBiNzY5ZDVkMDBkMDQyYTMyZjljNjZlQGc&tmsrc=691584e3db7d0a877b43482fc996eaae9984cf8ba0b769d5d00d042a32f9c66e%40group.calendar.google.com))
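Review bot: the PTS item is attributed to `@stigsp`, while every other line in these minutes uses `@stigtsp`; as written, the mention will not resolve to the same person and the item will be missed by anyone searching the minutes by handle. Change it to `@stigtsp`. Smaller wording points in the same file: "but due technical issues" should read "due to technical issues", and the attendee listed only as "Michael" could carry the handle given in the Introductions item so the attendance list is consistent.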