August 7th, 2023 Community Meeting

[qu1queee]

• Please add a topic in this thread and add a link to the GitHub issue associated with the topic.
• Please make sure you give folks enough time to review/discuss the topic offline on GitHub before coming into the meeting
• (optional) Paste the image of an animal 😸

[qu1queee]

• Decide on participation for Hacktoberfest 2023 and decide on goals.
• Contributions on Blog Post, aim for a goal. Per CDF, ideally one per quarter.
• CVE-2023-37264: Tekton Pipeline Vulnerability Impact on Shipwright build#1346
• Initial file population .github#1 should be merged this week.

[qu1queee]

Meeting minutes:

• On the Hacktoberfest. Help us to get an understanding on where we are as a project. We can use this to get some SHIPs implemented. As a goal, we can aim for a 25% of the issues that are label with /hacktoberfest . Next steps, define issues and label them.
• From CVE-2023-37264: Tekton Pipeline Vulnerability Impact on Shipwright build#1346, we considered to open it publicly due to its low severity. The community will work on hardening our setup, based on the exploit in Tekton, but we consider that this is not putting us at risk. Furthermore, we think it might be a good opportunity to explore how can SHP generate CVE's for its own packages. On CVE handling, we should consider to assess impact first(prior to CVE issue creation). @adambkaplan to follow-up on this with RH Security Team.
• On v0.12.0 release, we did a weekly check on this, things are moving forward(webhook wise).
• From @SaschaSchwarze0 , we are moving repos to go v1.20.* , probably a good idea for folks to do this locally.