Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Monthly meeting agenda (Feb 2022) #162

Closed
jptosso opened this issue Feb 14, 2022 · 4 comments
Closed

Monthly meeting agenda (Feb 2022) #162

jptosso opened this issue Feb 14, 2022 · 4 comments
Assignees
@jptosso @fzipi @syinwu
Labels
meeting

Comments

@jptosso
Copy link
Member

jptosso commented Feb 14, 2022
edited
Loading

Meeting date: Wednesday 23rd, 12hrs UTC

Topics

  1. Project status overview
  2. Contribution requirements: Licenses, dependencies, testing, quality gates, approval flow, etc
  3. Criteria for a new feature and approval flows
  4. Where to store plugins and which plugins should be merged
  5. Gifts on PRs, is it ok? what is the policy?
  6. Coraza vulnerability handling
  7. Project core values
  8. Rules for the future meetings
  9. v2 final version release requirements
  10. Where to publicly store all coraza research? Public confluence or GH wiki
  11. Side projects status and future (website, sandbox, docker, caddy, traefik, gin, and coraza-server)
  12. If there is time, we might discuss the google summer of code event
  13. How to deal with bugs from pre-releases and v1
  14. README structure
  15. Response body processor

To join, request a slack invite here https://owasp.org/slack/invite and join the coraza channel.

Other considerations

  • Feel free to request additional topics or propose a new schedule
  • The duration of the meeting is expected to be 60 minutes.
@fzipi
Copy link
Member

fzipi commented Feb 15, 2022

Personally I'll prefer Wed 13Hrs UTC. 60 minutes? Maybe because is the first one :)

Topics look good. For 12) I think it is better to throw stuff at a document first.

@fzipi fzipi added the meeting label Feb 15, 2022
@fzipi
Copy link
Member

fzipi commented Feb 23, 2022
edited by syinwu
Loading

Meeting Notes

  1. Official new name is OWASP Coraza Web Application Firewal. Juan Pablo presented the team of leaders and contributors.
  2. With regard to the contribution requirements:
  • add Apache 2 compatible licenses for those who implement additional features and might use third party go modules (e.g. MIT, BSD, and Apache are). Check if we can use go-licenses in a CI/CD check.
  • quality gates: new code should keep the 80% quality gate on coverage. If maintainers/contributors with merge powers deem the code to be reasonable, they might force merge.
  • if we introduce a new dependency, we rely on the quality standards from awesome-go.com
  • No CGo is permitted in the core.
  1. Approval flows: each PR should have 2 approvers. When we grow, we should use also the CODE_OWNERS feature. New features: Core features: should go by the approval format. Non Core Features: should start as plugins/modules, once tested they can go to the core.
  2. Plugins: skipped to next meeting, while we get more documentation.
  3. Gifts: let's ask around other projects and formally to OWASP and we can deal with this next meeting.
  4. Vulnerability handling: will create an email address like [email protected] with secure GPG and forward it to core contributors and co-leaders
  5. Core values: will be discussed next meeting

Remaining topics will be discussed in next meeetings.

This was referenced Feb 23, 2022
Closed
Closed
@github-actions
Copy link

This issue is stale because it has been open for 30 days with no activity.

@github-actions github-actions bot added the stale label Mar 26, 2022
@fzipi fzipi removed the stale label Mar 26, 2022
@jptosso
Copy link
Member Author

jptosso commented Mar 30, 2022

All topics covered in the March meeting

@jptosso jptosso closed this as completed Mar 30, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jptosso jptosso

@fzipi fzipi

@syinwu syinwu

Labels
meeting
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@jptosso @fzipi @syinwu