meeting-notes: 2025-07-10

Author: frasertweedale

meeting-notes/2025-07-10.md

@@ -0,0 +1,62 @@
+# SRT meeting 2025-07-10
+
+Previously:
+https://github.com/haskell/security-advisories/blob/main/meeting-notes/2025-06-25.md
+
+
+## Q2 report topics
+
+- ZuriHac report (Tristan will write the section)
+- 1 new advisory (a couple in early April were accounted in Q1 report)
+- The web index not-vulnerability report :)
+- OCaml security team shout-out (see below)
+
+
+## Security work "prospectus"
+
+Following informal conversation with Jose at ZuriHac, it is time to
+pull this together.  Gather all the high-impact ideas (which are
+currently scattered across meeting notes, issues, etc) into a
+"prospectus" document which may help with funding decisions.
+
+
+## Hackage key signing
+
+> We’re looking for more people to take part in the hackage key signing
+> ceremony. I figured it would be useful to have someone from the security
+> response team be part of that trusted group. Is this something you’d be
+> willing to do? It would require you to take part of the ceremony in the
+> next few weeks, But it can all be done online.
+
+FT will circle back with Jose and find out next steps.
+
+
+## OCaml security team
+
+OCSF is starting a security team.  Richard Eisenberg reached out to
+FT to ask for advice.  FT will share some resources.
+
+
+## Embaroged advisory process
+
+Tristan feels our current *ad hoc* system using the mailing list
+could be improved.  Tristan will investigate and make
+recommendations on what we could implement to improve the processes.
+
+
+## Purl library
+
+Consensus: merge and publish without delay.  Gautier will do the
+Hackage publishing.
+
+
+## SRT processes documentation
+
+FT realised that we need to include the hackage package
+maintainership in the checklists.  So he will fix that :)
+
+
+## Next SRT meeting
+
+It is the summer holidays (north of the Equator).  Skip it
+for all?