|
| 1 | +# Shapeshifter TSC Meeting - 2025-07-05 14:00 CEST |
| 2 | + |
| 3 | +# Attendees |
| 4 | +- Hugo van der Zwaag |
| 5 | +- Robben Riksen |
| 6 | +- Marten Meijboom |
| 7 | + |
| 8 | +# Agenda & notes |
| 9 | +- Actions from the last TSC |
| 10 | + - See actions |
| 11 | +- Remarks & discussion topics |
| 12 | + - Discussed Question about how to deal with security issues, following pull request about OAuth on Python library. |
| 13 | + - Set up guidlines as TSC on how to deal with security. Hugo: preferably not based on fully custom code, but where possible use existing libraries so that we are aware of updates etc. |
| 14 | + - Include Hugo's explanation in contributing.md |
| 15 | +- Issue list and PR’s |
| 16 | + - Specification |
| 17 | + - https://github.com/shapeshifter/shapeshifter-specification/issues |
| 18 | + - https://github.com/shapeshifter/shapeshifter-specification/pulls |
| 19 | + - Java library |
| 20 | + - https://github.com/shapeshifter/shapeshifter-library-java/issues |
| 21 | + - https://github.com/shapeshifter/shapeshifter-library-java/pulls |
| 22 | + - Python library |
| 23 | + - https://github.com/shapeshifter/shapeshifter-library-python/issues |
| 24 | + - https://github.com/shapeshifter/shapeshifter-library-python/pulls |
| 25 | +- Security dashboard: https://security.lfx.linuxfoundation.org/#/a092M00001KWtA7QAL/overview |
| 26 | +- OpenSSF best practices badge levels https://www.bestpractices.dev/en/projects/5724 |
| 27 | + |
| 28 | +# Actions |
| 29 | +- GOPACS: Review OAuth PR by Marten on security addendum, Marten sends reminder |
| 30 | +- Robben: set up meeting with Marten (and other Liander participants) and GOPACS to discuss must-run implementation and impact on Shapeshifter. Result may be input for next TSC or even a meeting before the next TSC |
| 31 | +- Robben: Ask John to join next time to explain lfx dashboard and how to maintain. Does the committer list sync to github?\ |
| 32 | +- Hugo: review MR for OAuth on Python library. Add security policy to contributing.md |
| 33 | +- Robben: Add dependency policy to releases.md in the specification repo: Only process Specification major depencency version upates as check before publishing a new specification version. -> needs review after suggestions have been taken into account |
| 34 | + |
| 35 | + |
| 36 | +Old actions (check if still relevant next TSC) |
| 37 | +- Robben: Ask Stedin and Liander participants to rejoin TSC meetings |
| 38 | +- Tom & Albert: plan meeting to discuss baseline meeting -> check relevance |
| 39 | +- Tom: experiment with roles for maintainers of Java Library, next time discuss findings and proposal to apply this to the whole project -> check relevance |
| 40 | +- Daniel: Prepare discussino about NBility mapping of Shapeshifter for next meeting. Nico & Robben will aks Prince Singh from Alliander to join the next TSC |
| 41 | +- Robben: Ask at EDSN for insight in CIM mapping of Shapeshifter, prepare for next meeting |
| 42 | +- ALL: discuss in respective organizations what interfaces should look like, how this can be made easier etc. |
| 43 | +- Hugo: Add policy to dependabot to automatically process patch updates and create PR's for security updates. |
0 commit comments