From 9b2719c68635879421805ed3b602ea19aae68a77 Mon Sep 17 00:00:00 2001 From: seabeepea Date: Fri, 14 Jun 2019 17:57:55 -0700 Subject: [PATCH] 2019-06-13.md Signed-off-by: seabeepea --- 2019-06-13.md | 90 +++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 90 insertions(+) create mode 100644 2019-06-13.md diff --git a/2019-06-13.md b/2019-06-13.md new file mode 100644 index 0000000000..322e14ded6 --- /dev/null +++ b/2019-06-13.md @@ -0,0 +1,90 @@ + +# 6/13/2019 + +### Attending: +* Cary Phillips +* Larry Gritz +* Rod Bogart +* Peter Hillman +* Kimball Thurston +* Nick Porcino +* Christina Tempelaar-Lietz + + +### Discussion: +* Welcome new TSC members: + * Nick Porcino - Oculus + * Christina Tempelaar-Lietz - Epic + * Kimball Thurston - Weta + * Piotr was invited by hasn’t responded. +* Project goals by SIGGRAPH: + * Reach “adopted” status, seems attainable. + * CII badge progress is at 68% + * Need CI setup + * Need static/dynamic analysis setup + * Need to address security issues/policies + * Put out a new release, version 2.4: + * Address outstanding CVE’s + * Document existing CVE’s + * Compiler warnings + * CMake fixes + * Acknowledge most Issues and PRs; many can be closed as is. + * Proposal/position on the future of Imath; go into the BOF prepared to discuss. +* “Guide to the OpenEXR Project” + * GOVERNANCE.md, CONTRIBUTING.md, etc. + * Clarify project roles and clarify terminology: + * Committer vs. TSC + * Nick Rasmussen is an example of a committer not on the TSC. + * Need to clarify terms of service, how long do TSC members serve. + * OCIO meeting notes designate a PR Reviewer? + * Ad-hoc for that project to ensure fast turn around due to large number of contributions + * May want some form of this to ensure that PRs are reviewed +* Legal: + * Who keeps track of CLA’s on file? + * Should just be part of the process (CLA, DCO checks) + * Old PRs, what to do about obtaining CLAs prior to merge + * Need to check w/ ILM legal just to clarify old copyright / CLA + * Does OCIO have a policy of accepting small fixes without a CLA? No, that’s OIIO. All ASWF/Linux Foundation projects require CLA’s for every PR, no matter how small. +* CII Badge requires “acknowledgment of bug reports”. What should our policy be? + * Standard use of GitHub labels, documented in CONTRIBUTING. + * Use of GitHub Milestones to indicate priority. +* Status of the CII Best Practices Badge: + * Must ensure timely response to posts on openexr-dev + * What does it take to ensure that the website now uses https? + * Security: + * security@openexr.com, info@openexr.com + * John to arrange setting up the forwards to private tsc + * Outstanding CVE’s: + * One has a PR that needs to be merged. + * Other CVE issues have been resolved but the issues were never closed. + * CVE’s should be documented in CHANGES.md. + * OpenEXR needs a designated security expert + * Cryptographic protocols are not applicable. + * Ready to set up Azure? + * Compiler Warning flags + * -Wall with GCC 7/C++17 on Ubuntu gives a handful of warnings, straightforward to fix. + * What about Windows? + * Code coverage, static analysis, dynamic analysis: SonarCloud? + * Just needs to have been done at least prior to release (as opposed to fully integrated to release schedule) + * Test policy adherence? +* Should we update source code copyright notices? + * Cary will check with Lucasfilm Business Affairs. +* What’s the status of moving the github repository? +* TODO’s and action items: + * Label issues and PR’s + * Gives perception of response + * Use milestones instead to mark issues for including in next release + * Need to be more aggressive with closing issues that had a back and forth resulting in a consensus there’s nothing to do + * Standard comment about a house-cleaning event in migration to ASWF + * Merge/act on existing PR’s + * Fix compiler warnings + * SonarCloud: Static and dynamic analysis + * Azure + * Web site/documentation + * JM: Can be moved independently, whenever ready + * CP: wants to re-do web site to make it easier to maintain + * Email addresses for info & security + * Imath white paper + * Christina - will work on SonarCloud + * Kimball - will work on PRs, cmake, compile warnings + * Nick - will review PRs as well