Meeting 2024-11-20 minutes #53

Open
wants to merge 8 commits into
base: main
166 changes: 166 additions & 0 deletions meeting-minutes/2024-11-20.md
@@ -0,0 +1,166 @@
# 1. Opening Activities

## 1.1 Opening comments (Co-Chair)

## 1.2 Introduction of participants/roll call (Co-Chair)

Quorum requires participation of 9 or more of the 17 voting members (including the officers).

| First Name | Last Name | Company | Role(s) | Present |
|:-----------|:-----------|:------------------------------------------------------------|:--------------------------|:--------|
| Adrian | Diglio | Microsoft | Voting Member | NO |
| David | Kemp | National Security Agency | Member | NO |
| Denny | Page | Individual | Voting Member | YES |
| Duncan | Sparrell | sFractal Consulting LLC | Voting Member | NO |
| Feng | Cao | Oracle | Member | YES |
| Harin | Sarda | Cisco Systems | Voting Member | YES |
| Jautau | White | Microsoft | Voting Member | YES |
| Jeremy | Rickard | Microsoft | Member | NO |
| Justin | Murphy | DHS Cybersecurity and Infrastructure Security Agency (CISA) | Co-Chair | YES |
| Kris | Vandecruys | Cisco Systems | Voting Member | YES |
| Kunal | Modasiya | Qualys, Inc. | Member | NO |
| Langley | Rock | Dell | Voting Member | YES |
| Martin | Prpic | Red Hat | Voting Member | NO |
| Omar | Santos | Cisco Systems | Co-Chair | YES |
| Pablo | Quiroga | Qualys, Inc. | Voting Member | YES |
| Peter | Gephardt | IBM | Member | NO |
| Przemyslaw | Roguski | Red Hat | Voting Member | YES |
| Shridhar | Chari | Cisco Systems | Member | NO |
| Sonny | van Lingen | Huawei Technologies Co., Ltd. | Voting Member | YES |
| Stefan | Arntzen | Huawei Technologies Co., Ltd. | Voting Member | YES |
| Stefan | Hagen | Individual | Secretary, taking notes | YES |
| Thomas | Proell | Siemens | Member | NO |
| Thomas | Schaffer | Cisco Systems | Voting Member | NO |
| Thomas | Schmidt | Federal Office for Information Security (BSI) Germany | Voting Member | YES |
| Tobias | Limmer | Siemens | Member | NO |

Quorum was reached (13 voting members present)

## 1.3 Procedures for this meeting (Moderator)

## 1.4 Approval of agenda

* Roll Call
* Updates:
* Happy (belated) birthday OpenEOX!
* CSAF Community Days Dec 12th and 13th
* <https://oasis-open.github.io/csaf-documentation/communitydays/>
* CVE and CPE discussion (Feng and Przemyslaw)
* Approval of previous meeting minutes (motions carried out per e-mail motions)
* Review of outstanding issues and pull requests marked for TC discussion: https://github.com/oasis-tcs/openeox
* [Meeting minutes August and September #50](https://github.com/oasis-tcs/openeox/issues/50)
* [CISA proposed definition for "security support" as part of NCSIP Initiative 3.3.2 #51](https://github.com/oasis-tcs/openeox/issues/51)
* [End-of-Software Maintenance #29](https://github.com/oasis-tcs/openeox/issues/29)
* based onn last month's discussion for [Using "End" word in the lifecycle definitions #38](https://github.com/oasis-tcs/openeox/issues/38)
* [End-of-Security Vulnerability Support #32](https://github.com/oasis-tcs/openeox/issues/32)
* [Suggested new optional field "successor" #3](https://github.com/oasis-tcs/openeox/issues/3)
* Next steps

Agenda aggreed.

## 1.5 Approval of previous minutes (Moderator)

None (motions carried out already per e-mail motions).

## 1.6 Review of action items and resolutions (Secretary Stefan)

None

## 1.7 Identification of TC voting members (Secretary)

- the roster is out of sync so no statements on member status changes possible during meeting

### 1.7.1 Prospective voting members attending their first meeting

### 1.7.2 Members attaining voting rights at the end of this meeting

### 1.7.3 Members losing voting rights if they have not joined this meeting by the time it ends

### 1.7.4 Members who previously lost voting rights who are attending this meeting

### 1.7.5 Members who have declared a leave of absence

# 2. Future Meetings

## 2.1 Future meeting schedule (Secretary)

- Scheduled Teleconferences (Wednesday at 09:00 PT / 12:00 ET / 18:00 CET / **17:00** UTC for 1 hour)

```
December 18, 2024
```
- regrets from Stefan Hagen

# 3. Discussion

- [Meeting minutes August and September #50](https://github.com/oasis-tcs/openeox/issues/50)
- Stefan: Please provide the recordings to fix the roster
- Justin: Will see that the recordings will be sent to Stefan for extracting
- [CISA proposed definition for "security support" as part of NCSIP Initiative 3.3.2 #51](https://github.com/oasis-tcs/openeox/issues/51)
- Justin: Motivates the issue and invites everyone to discuss the proposed definition in the issue
- Langley: We are responding to security events or security incidents, but not to security risks
- [End-of-Software Maintenance #29](https://github.com/oasis-tcs/openeox/issues/29)
- ... based on last month's discussion for [Using "End" word in the lifecycle definitions #38](https://github.com/oasis-tcs/openeox/issues/38)
- Justin: Moves to close the issue [Using "End" word in the lifecycle definitions #38](https://github.com/oasis-tcs/openeox/issues/38)
- Przemyslaw: Seconds
- No discussion, all in favor, motion carries
- Przemyslaw: Updated the proposal to focus (at least for now) on only the end of periods and to allow specification of scopes
- Langley: Coupling feature with security updates?
- Jautau: Feature is evolution, while maintenance is conserving, no?
- Przemyslaw: Agrees. The scopes present were added as examples
- Feng: Example term support; We may have a problem with not yet having agreed on universal definitions for support which may be different from supplier to supplier
- Przemyslaw: Such scopes may be defined per supplier, do not have to be universal
- [End-of-Security Vulnerability Support #32](https://github.com/oasis-tcs/openeox/issues/32)
- Skipped
- [Suggested new optional field "successor" #3](https://github.com/oasis-tcs/openeox/issues/3)
- Skipped

## 3.1 Next steps

* Keep on discussng on GitHub and mailing list

# 4. Other Business

- Feng: Submitted use cases and thinks these should be discussed before being able to practically discuss terms
- Thomas Schmidt: Yes, but should not block discussions on terms
- Cf. <https://github.com/oasis-tcs/openeox/blob/main/value-scenarios/README.md> split per:
- <https://github.com/oasis-tcs/openeox/tree/main/value-scenarios/contributor-scenarios>
- <https://github.com/oasis-tcs/openeox/tree/main/value-scenarios/general-scenarios>
- Langley: Agrees that some commonality needs to be reached
- Przemyslaw: Thinks we already discussed and agreed; in any case we should progress towards a "minimal viable product"-like set of definitions / schema
- Justin: Place use cases discussion on agenda for December meeting
- Thomas: Open to both sequences of steps; the schema can always follow. If we need discuss scenarios first, we should follow, but we should progress no matter in which order.
- Feng: Emphasizes his priority for reaching a common ground to be able to place OpenEOX on the market place
- Justin: Proposes to invite everysone to visit the submitted scenarios and for others to submit or modify missing or incomplete scenarios and then follow over the next couple of meetings to share the scenarios
- Sonny: Maybe use a full day or even a face to face meeting with a white board to discuss?
- Justin: We could add an extra meeting for that purpose and bring back the results to the regular TC meetings
- Thomas Schmidt: Feel free to use the CSAF Community Days for such discussions
- Justin: Repeats his proposal and likes to progress with the issues noted on the draft agenda
- Pablo: Likes us to summarize where we are on next meeting and create a timeline to not rush but also share a common plan to ensure progress monitoring; iterations but no cycles
- Justin: Likes that and proposes that during the December and January 2025 meeting everyone presents their use cases / scenarios in say 15 minute time slots to then produce a rough timeline
- Przemyslaw: Let us go for that and he even likes to present their use cases first
- Justin: Let us start with 3 people starting please notify when you are ready
- Jautau: Maybe we will lose relevance when instead of end of maintenance we allow to state enf of whatever mean with maintenance
- Thomas: Encourages everyone to provide input so that together we can decide the way forward

# 5. Resolutions and Decisions reached (by 10 minutes prior to scheduled meeting end)

## 5.1 End debate of other issues by 10 minutes prior to scheduled meeting end and follow the agenda from this point (Co-Chair)

## 5.2 Review of Decisions Reached (Secretary)

DECISION to present use cases and scenarios during the December and January (2025) meetings

## 5.3 Review of Action Items (Secretary)

ACTION on all to prepare and propose 15 minute presentations of use cases and scenarios for December and January (2025) meetings

# 7. Next Meeting

```
December 18, 2024
```

# 8. Adjournment

Meeting was adjourned.
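
Review bot: The top-level numbering skips a section near the end of the file: "# 5. Resolutions and Decisions reached" is followed directly by "# 7. Next Meeting", so either a section 6 is missing or the last two headings should become 6 and 7. Section 4 attributes some entries to "Thomas" and others to "Thomas Schmidt" while the roster in 1.2 lists three members with that first name; using the full name throughout keeps the attribution unambiguous. Section 1.7 says the roster is out of sync, yet 1.2 states quorum against 17 voting members, so it would help to note that the count is based on the table as shown. Spelling to fix before merge: "onn" and "aggreed" in 1.4, "discussng" in 3.1, and "everysone" and "enf" in section 4.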