Merge branch 'main' into notes-2022-08-16

rcthomas · web-flow · commit fa672286d4cf · 2022-12-06T09:32:46.000-08:00
diff --git a/README.md b/README.md
@@ -4,8 +4,18 @@ This repository is for anything Jupyter or IPython security related that can be
 
 If you need to privately disclose security issues please see https://jupyter.org/security
 
+## Jupyter Security Subproject Council
 
-# Misc Security Informations
+Members
+- Matthias Bussonnier [@Carreau](https://github.com/Carreau)
+- Jason Grout [@jasongrout](https://github.com/jasongrout)
+- Rollin Thomas [@rcthomas](https://github.com/rcthomas)
+- Rick Wagner [@rpwagner](https://github.com/rpwagner)
+- Jason Weill [@jweill-aws](https://github.com/jweill-aws)
+
+The Jupyter Security Subproject representative to the [Jupyter Software Steering Council](https://jupyter.org/governance/software_steering_council.html) for 2023 is Rick Wagner ([@rpwagner](https://github.com/rpwagner)).
+
+# Misc Security Information
 
 For credential that _must be shared_, or for safekeeping, Jupyter has a team [1Password](https://jupyter.1password.com/)
 account which has been graciously provided by the
diff --git a/meetings/2022-08-02.md b/meetings/2022-08-02.md
@@ -0,0 +1,34 @@
+# Jupyter Security Bi-weekly Meeting
+
+## August 2, 2022
+
+| Name               | affiliation| username         |
+| -------------------| -----------| -----------------|
+| Jason Weill | AWS | @jweill-aws |
+| Rick Wagner        | UCSD       | @rpwagner |
+| Matthias Bussonier |            | @carreau |
+| Rollin Thomas | NERSC | @rcthomas |
+
+- Plan:
+    - Check status at the August
+    - Write another blog post
+    - "Great progress, for the remaning orgs, we will enable on Oct 1"
+    - For users, show redacted email. If you receive this, open an issue or post in Discourse.
+
+- Future items for discussion: 
+    - Can we automatically crawl developer accounts for signs of inactivity
+    - Reproducible package builds
+    - Migrating to PyPI deploy tokens
+        - Will be some coding 
+        - Lots of assumptions like one user one password
+
+It is possible to create a NO-2FA team, and add folks to the team to ping them in a private manner. 
+
+Contact Brian: (out of office this week, will do so on August 8)
+
+- https://github.com/jupyterlab/team-compass/issues/155
+- https://github.com/orgs/jupyterlab/people?page=3&query=two-factor%3Adisabled
+
+Matthias need to find some time to update the security page: 
+
+ - https://github.com/jupyter/jupyter.github.io/pull/696
diff --git a/meetings/README.md b/meetings/README.md
@@ -18,6 +18,7 @@ What this meeting is about:
 ## Meeting Minutes
 
 * [2022-08-16](2022-08-16.md)
+* [2022-08-02](2022-08-02.md)
 * [2022-07-05](2022-07-05.md)
 * [2022-06-07](2022-06-07.md)
 * [2022-05-24](2022-05-24.md)
