- Chair's introduction
- Approve agenda
- Appoint minute-taker
- Review action items from previous meeting (if any)
- Roadmap discussion
- Permissions management
- Other business.
Norm Ashley
No action items from last meeting
Trail of Bits’ audit: Draft report distributed and available. Final version forthcoming. Main take-away/finding related to testing in CI processes.
A lively discussion on the lifecycle document. It was observed that the document was approved while there were outstanding issues/feedback.
Action item: Douglas to reach out to Max and Brian, hear how the open issues will be handled.
https://github.com/orgs/open-quantum-safe/discussions/1892
Various ideas discussed including the need for a definition of production ready code and how to declare this publicly.
Suggested list of criteria:
- Code ownership
- Project size and number of resources available
- Organization structure (leaders and other roles)
- Having finalized standards-based code
- Verification methods
- Need for a security software engineer to help with code reviews from a security point of view
- QA processes
- Release process
Project planning ideas were also discussed, mainly a proposal to create a ‘project board’. The project board would be organized to list, prioritize and categorize issues. Categories would help pinpoint the skill sets best suited to address each issue.
LF project Hyperledger was suggested as an example to look at.
How to transition people in/out of roles and permissions. Ry from LF outlined his thoughts on organizing various roles based on the current project needs. This could be managed by creating teams and assigning the appropriate permissions for each team. The teams list would be updated as people joined or left a team. Examples: Document; Triage; Owners; Maintainers; Admins; Teams; Release management
Hart: ICMC24. Happy Hour next week after the ICMC PQC day, 9/17. If you’re attending ICMC next week, please feel free to join!
The meeting concluded. Next meeting to be scheduled in October.