diff --git a/meetings/2024-04-10/minutes.md b/meetings/2024-04-10/minutes.md index af259b2..705c0ad 100644 --- a/meetings/2024-04-10/minutes.md +++ b/meetings/2024-04-10/minutes.md @@ -4,36 +4,102 @@ TSC members -- [ ] [Norman Ashley (Cisco)](https://github.com/ashman-p) -- [ ] [Michael Baentsch (independent contributor)](https://github.com/baentsch) -- [ ] [Thomas Bailleux (SandboxAQ)](https://github.com/) -- [ ] [Basil Hess (IBM Research)](https://github.com/bhess) -- [ ] [Brian Jarvis (AWS)](https://github.com/brian-jarvis-aws) -- [ ] [Christian Paquin (Microsoft Research)](https://github.com/christianpaquin) -- [ ] [Douglas Stebila (University of Waterloo)](https://github.com/dstebila) +- [X] [Norman Ashley (Cisco)](https://github.com/ashman-p) +- [X] [Michael Baentsch (independent contributor)](https://github.com/baentsch) +- [X] [Thomas Bailleux (SandboxAQ)](https://github.com/) +- [X] [Basil Hess (IBM Research)](https://github.com/bhess) +- [X] [Brian Jarvis (AWS)](https://github.com/brian-jarvis-aws) +- [X] [Christian Paquin (Microsoft Research)](https://github.com/christianpaquin) +- [X] [Douglas Stebila (University of Waterloo)](https://github.com/dstebila) Other attendees + - [x] [Nigel Jones (IBM)](https://github.com/planetf1) + - [x] [Alex Bozarth (IBM)](https://github.com/ajbozarth) + - [x] [Michael (Max)imilien, IBM](https://github.com/maximilien) + - [x] [Ry Jones (Linux Foundation)](https://github.com/ryjones) + - [x] [Hart Montgomery, Linux Foundation](https://github.com/hartm) + + ## 1. Chair's introduction + - The chair thanks members for being patient as we get up and running + - TSC aims to be consensus driven & friendly + - TSC will discuss & make strategic decisions on technical matters. Developer call handlers regular operational matters ## 2. Approve agenda + - Agreed + ## 3. Appoint minute-taker + - Nigel will take this week's notes. Agreed that we would ask at the beginning of each meeting & do in rotation. + ## 4. Approval of minutes of last meeting +- Last meeting's notes are open as [PR #14](https://github.com/open-quantum-safe/tsc/pull/14). Comments/reviewers invited. TSC members asked to approve. +- will use direct links to recordings in future minutes - portal not available to all (has been requested) + ## 5. Voting procedure +- [Issue #12](https://github.com/open-quantum-safe/tsc/issues/12) open for discussion +- online/async voting to allow broadest engagement +- open votes for technical matters +- differing opinions on whether personal matters (including voting such as ranking) should be public or secret, or referred up to the board. +- noted that most decisions consensus driven in any case +- mechanism - git (simple), [gitvote](https://github.com/cncf/gitvote), [Helios](https://vote.heliosvoting.org/) are possible options +- discussion to continue in [issue 12](https://github.com/open-quantum-safe/tsc/issues/12) + + ## 6. Addition of Vlad Gheorghiu to TSC +- Vlad is maintainer of language wrappers +- Intent had been he was in the TSC from launch +- Christan proposed, Basil seconded motion to add Vlad. Agreed by verbal vote of TSC members with no objections + ## 7. Meeting cadence +- Monthly still seems appropriate - lots of topics +- Two suggestions: + - in PQCA TAC timeslot (alt. weeks) in off-week + - offline poll to accommodate most TSC members, and consider time rotation to handle differing timezones. This may require a higher frequency than monthly +- Agreed poll will be conducted + ## 8. Report from TAC representative (Thomas) +- Project Lifecycle. + - [Early draft](https://docs.google.com/document/d/1NV-0vNgXWdc81oqT0jv0C-9Funb8dySS06u90ghF-X4/edit) + - PQCA TAC suggests oqs tsc review and develop as most active project. + - objective is clarity for consumers as to what state the code is in - production, experimental, how good is security, maintenance - don't want to set wrong expectations. + - Also covers adoption of new projects. Similar to apache incubation approach + - may apply at sub-project or component level + - should map existing oqs subprojects/components to proposal for validation + - clear separation may require feature flags, restructuring of liboqs, additional projects etc + - should delegate to OQS dev meeting to decide/discuss in github issues + - Issue will be opened for followup +- Security + - PQCA [setting up security workgroup](https://github.com/PQCA/TAC/issues/2) + - Hoping to arrange presentation from [OSSF](https://openssf.org/) around [scorecard](https://securityscorecards.dev/) & other best practices. TSC members will be invited + - Also Use of sigstore, CBOMs, SBOMs, vulnerability reporting process + ## 9. Does OQS-BoringSSL repository require a license exemption? +- [Issue #13](https://github.com/open-quantum-safe/tsc/issues/13) has background +- Current project charter requires contributions under MIT license +- Discussed allowing Apache 2.0 as an exception for this work, or changing charter to allow generally +- [Issue #17](https://github.com/open-quantum-safe/tsc/pull/17) for TSC members to vote on exception + ## 10. Sub-project lifecycle +No discussion beyond 8. above - timeout + ## 11. Discussing plan for level of code support and the production vs. research tracks +No discussion beyond 8. above - timeout + ## 12. Other business + +None + +## Meeting Recording + +A [transcript and recording of this meeting](https://zoom.us/rec/play/SSS-KDTuL7-MfCQaBoOH6NsJ2qRjPuc46X1hzaRizeJBeFsgRlTapONnlosGDbBGjAJI8dksmehEiF0I.s2Hw9yHdlBvJ0s-A?canPlayFromShare=true&from=share_recording_detail&continueMode=true&componentName=rec-play&originRequestUrl=https%3A%2F%2Fzoom.us%2Frec%2Fshare%2FoQXCKON8wrHgBsjAWgWQYZxOBfKB9eeiyw38CgqMbhVB9LqHnE0cPMhwdW3zZDYp.ID4HoVpw_jj0841b) is available