From 7665ef4aa9015f6799e271c5650392caf4bcf780 Mon Sep 17 00:00:00 2001 From: Naomi Washington <70667788+Naomi-Wash@users.noreply.github.com> Date: Tue, 2 Jul 2024 11:10:04 -0500 Subject: [PATCH] Update 2024-06-05-TAC.md Cleaned up formatting Signed-off-by: Naomi Washington <70667788+Naomi-Wash@users.noreply.github.com> --- meeting-minutes/2024/2024-06-05-TAC.md | 59 ++++++++++++-------------- 1 file changed, 27 insertions(+), 32 deletions(-) diff --git a/meeting-minutes/2024/2024-06-05-TAC.md b/meeting-minutes/2024/2024-06-05-TAC.md index bce1573..45c9fea 100644 --- a/meeting-minutes/2024/2024-06-05-TAC.md +++ b/meeting-minutes/2024/2024-06-05-TAC.md @@ -5,8 +5,6 @@ parent: Meeting Minutes grand_parent: PQCA TAC nav_exclude: true --- -_Copy this template to the subdirectory for the current year and name the file `YYYY-MM-DD-TAC-meeting-record.md` (e.g., `2023-02-02-TOC-meeting-record.md`). Update the information above to change the `title` (e.g., `2023-02-16 TOC Meeting Record`, the `parent` to `YYYY` (e.g., 2023), the `grand_parent` to `Meeting Minutes`, and remove the `nav_exclude` line. Update the links below to reflect the appropriate image location (e.g., `../images/`). Text between `` are instructions. Please remove when section has been completed._ - # Agenda 0. Finalize agenda 
@@ -40,51 +38,48 @@ None - Workgroups - Maximilien led a working group discussion, noting the initial working groups are: Doc, Algorithms, and Security. - - Docs Update - Nigel noted that he has started creating documents for PQ Code Package but asked if should this be implemented at the TAC level. Naomi noted that documents at the TAC level are generally used for guidance and accepted at the project level. +### Docs Update +Nigel noted that he has started creating documents for PQ Code Package but asked if should this be implemented at the TAC level. Naomi noted that documents at the TAC level are generally used for guidance and accepted at the project level. - Max noted that to wait is to ensure the process of creating docs is consistent across the alliance and projects. Nigel noted that for Hyperledger they use Mockdocs and suggested to use that for this. Just to get something started and work from there. +Max noted that to wait is to ensure the process of creating docs is consistent across the alliance and projects. Nigel noted that for Hyperledger they use Mockdocs and suggested to use that for this. Just to get something started and work from there. - Nigel to share a Hyperleder document that can be used as a template. +Nigel to share a Hyperleder document that can be used as a template. 2 parts to documentation: 1. Process and tooling 2. content - 2 parts to documentation: 1. Process and tooling 2. content +**Next Steps:** Jones will take the lead on starting the process and using the Hyperleder/PQCP document process. - Next Steps: Jones will take the lead on starting the process and using the Hyperleder/PQCP document process. +### Security Update +Max noted that at the last TAC meeting, Dana presented OpenSSF Security Best Practices. Noting that the scorecard process has been started in OQS but they are still mitigating issues. After that has been completed, it will be rolled out to other projects in OQS and PQ Code Package. 
- - Security Update - Max noted that at the last TAC meeting, Dana presented OpenSSF Security Best Practices. Noting that the scorecard process has been started in OQS but they are still mitigating issues. After that has been completed, it will be rolled out to other projects in OQS and PQ Code Package. +Nigel noted that the community's concern with the scorecard is visibility without resolving all the issues. The community agreed to fix the issues before making the scorecard public. - Nigel noted that the community's concern with the scorecard is visibility without resolving all the issues. The community agreed to fix the issues before making the scorecard public. +Hart noted that the alliance needs a well-documented security vulnerability disclosure process. - Hart noted that the alliance needs a well-documented security vulnerability disclosure process. +### CBOM +Max requested this working group to be created and the request came from an internal request stating that CBOMs and SBOMs need to be created from the source. Need to have a catalog of CBoMs, create new ones where they don't exist, and encourage others to do the same. Jones and Maximilen have started research for creating CBoMs for projects. - - CBOM - Max requested this working group to be created and the request came from an internal request stating that CBOMs and SBOMs need to be created from the source. Need to have a catalog of CBoMs, create new ones where they don't exist, and encourage others to do the same. Jones and Maximilen have started research for creating CBoMs for projects. +Have looked into how to create a catalog of existing CBoMs and what it takes to create a catalog. For example Kubernetes and seeing if we have a list of CBoMs for Kubernetes. This invites the question of introducing tooling to have these updated as well. - Have looked into how to create a catalog of existing CBoMs and what it takes to create a catalog. 
For example Kubernetes and seeing if we have a list of CBoMs for Kubernetes. This invites the question of introducing tooling to have these updated as well. +**Next Steps:** At the next meeting Maximilien and Jones will provide an update and findings to 1.) determine if the TAC is interested, 2.) does TAC members have CBoMs that they are maintaining, and 3.) if they have documentation on how they are managed. - Next Steps: At the next meeting Maximilien and Jones will provide an update and findings to 1.) determine if the TAC is interested, 2.) does TAC members have CBoMs that they are maintaining, and 3.) if they have documentation on how they are managed. +The first step is to collect as much information before we create the working group. +Uhri noted that the NIST PQC Discovery is pushing for S/CBOM output and for them to create documentation and tooling. - The first step is to collect as much information before we create the working group. - Uhri noted that the NIST PQC Discovery is pushing for S/CBOM output and for them to create documentation and tooling. +### Conferences +Max noted to the group that a PQCA session was submitted for OSS EU in Vienna. +Invited to give a talk at ICML, but someone else will need to attend as the conferences are on the same day in different locations. - - Conferences - - Max noted to the group that a PQCA session was submitted for OSS EU in Vienna. - - Invited to give a talk at ICML, but someone else will need to attend as the conferences are on the same day in different locations. +### Blogs +Max updated the group that the blog submitted by him and Ashwin is now ready for review. Encouraged others to be sure to submit blogs and content. - - Blogs - Max updated the group that the blog submitted by him and Ashwin is now ready for review. Encouraged others to be sure to submit blogs and content. - - - Vice-chair election - Brian nominated. +### Vice-chair election +Brian nominated. - - Action Items - See below - -3. 
Cadence of this meeting - Max proposed to move this meeting to monthly. Discussion ensued about the risk of moving the TAC meeting to monthly. +### Action Items +See below - It was decided to keep these meetings every 2 weeks and then cancel when we don't have enough content to host a meeting. +### Cadence of this meeting +Max proposed to move this meeting to monthly. Discussion ensued about the risk of moving the TAC meeting to monthly. +It was decided to keep these meetings every 2 weeks and then cancel when we don't have enough content to host a meeting. # Action items Action items
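Review bot: In the first hunk (front matter of `meeting-minutes/2024/2024-06-05-TAC.md`), the template instructions are deleted but the steps they describe do not appear to have been applied. The context lines still show `nav_exclude: true`, and `parent: Meeting Minutes` with `grand_parent: PQCA TAC`, where the removed text asks for `parent` set to the year, `grand_parent` set to `Meeting Minutes`, and the `nav_exclude` line removed. Suggest updating the front matter in the same commit, or confirming that the current values are intended, so the record is not left excluded from the site navigation. The file name also differs from the `YYYY-MM-DD-TAC-meeting-record.md` pattern that the removed text specifies.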
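Review bot: In the second hunk, `3. Cadence of this meeting` was a numbered agenda item and becomes `### Cadence of this meeting`, the same level as the workgroup subsections (`### Docs Update`, `### Security Update`, `### CBOM`), so the minutes no longer line up with the numbered agenda and the cadence decision reads as part of the Workgroups item. Suggest keeping it as item 3, or giving it a heading level above the workgroup subsections; `### Action Items` with only "See below" under it has the same problem. Since these lines are being rewritten anyway, the added lines still carry `Hyperleder`, `Maximilen` next to `Maximilien`, and mixed `CBOM`/`CBoMs` casing, which could be fixed in the same pass.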