Merge pull request #66 from jupyter/meeting-notes-june-catchup

Meeting notes from June catch-up

Author: rcthomas

meetings/2023-06-13.md

@@ -0,0 +1,47 @@
+# Jupyter Security Bi-weekly Meeting
+
+## June 13, 2023
+
+| Name               | affiliation    | username         |
+| -------------------| ---------------|------------------|
+| Rick Wagner        | UCSD           | @rpwagner        |
+| Jason Weill        | @AWS           | @JasonWeill      |
+| Joe Lucas          | NVIDIA         | @josephtlucas    |
+| Rollin Thomas      | NERSC          | @rcthomas        |
+| Aaron Scantlin     | NERSC          |.                 |
+| Fatema Bannat Wala | Zeek           |.                 |
+| Christian Kreibich | Zeek           |.                 |
+| James Marsteller   | NSF            |.                 |
+| Keith Lehigh       |.               |.                 |
+
+* Zeek has been experimenting with OpenSSF tooling (CI, static code analysis)
+* Historically approached network monitoring by protocol
+    * If you write the analyzer, you signature events
+        * Script writer taps into these logs
+    * People want to use this to identify applications
+        * What would it look like for Jupyter? what's encrypted?
+        * Could discuss / do during a working session:
+            * installations
+            * recorded network traffic
+            * what visibility exists today?
+                * what visibility could exist if there's further development?
+* Jupyter should be able to build zeek instrumentation framework relatively independently
+* Hackathon is feasible. 
+    * If there's a range of familiarity with zeek, we could start with an "intro to zeek" talk leading into
+    * "what could be built"
+    * followed by "here's jupyter" (on the network)
+    * into hackathon
+* Will be more productive if there's "homework"
+    * packet captures
+* Instrumenting jupyter with agents may open up options
+* Rick proposes:
+    * Zeek and Jupyter each have their own separate, independent "full day" (maybe monday?)
+    * but come together for a half-day collaboration on another day (maybe tuesday?)
+    * James and Christian agree
+* Christian will work with Rich on the join submission
+* Submissions:
+    * Full day from jupyter security workshop
+    * Joint half day workshop from jupyter and zeek
+    * Zeek (intro + advanced)
+* Room capacity in the 50-80 people range
+* Christian wants to see our threat model

meetings/2023-06-20.md

@@ -0,0 +1,32 @@
+# Jupyter Security Bi-weekly Meeting
+
+## June 20, 2023
+
+| Name               | affiliation    | username         |
+| -------------------| ---------------|------------------|
+| Rick Wagner        | UCSD           | @rpwagner        |
+| Jason Weill        | @AWS           | @JasonWeill      |
+| Joe Lucas          | NVIDIA         | @josephtlucas    |
+| Matthias Bussonnier| Quansight      | @carreau         |
+
+* Zeek submissions complete
+    * Rick: Maybe we define some canonical deployment scenarios (on the desktop, JupyterLab on a server, Hub, Zero to JupyterHub)
+* Jason: Is jupyter.org being updated? If so, maybe we use this to update the [security page](https://jupyter.org/security)
+    * Produce resources for the NSF summit and post to the website
+* Jason: Anna and Steven putting together a policy for posting to official social media
+* How do we follow what EC and SSC are doing?
+    * nontransparent
+* Zoom conflict with other Jupyter committees again.
+* Matthias recommends restructuring governance page to make meeting notes and schedules more discoverable
+* Intigriti
+    * Will finish draft and get to the Jupyter projects for review this week
+* OpenSSF
+    * Should we be involved at the free tier?
+* https://ostif.org/ contacted NumFOCUS about a completing a Pandas audit. Might be a resource for us later.
+
+Workshop TODOs:
+- [ ] Marketing
+    - Twitter (some people have requested that it be deleted)
+    - Discourse
+    - We don't have mastadon
+- [ ] Making it an official community workshop (maybe ask Community Building Committee)

meetings/README.md

@@ -17,6 +17,8 @@ What this meeting is about:
 
 ## Meeting Minutes
 
+* [2023-06-20](2023-06-20.md)
+* [2023-06-13](2023-06-13.md)
 * [2023-06-06](2023-06-06.md)
 * [2023-05-02](2023-05-02.md)
 * [2023-04-18](2023-04-18.md)