From 303bacb15e67da997f48b44bfdace1daabf9870b Mon Sep 17 00:00:00 2001 From: Fraser Tweedale Date: Fri, 12 Jan 2024 01:36:33 +1000 Subject: [PATCH] meeting notes: 2024-01-10 --- meeting-notes/2024-01-10.md | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) create mode 100644 meeting-notes/2024-01-10.md diff --git a/meeting-notes/2024-01-10.md b/meeting-notes/2024-01-10.md new file mode 100644 index 00000000..e9a089db --- /dev/null +++ b/meeting-notes/2024-01-10.md @@ -0,0 +1,31 @@ +# SRT meeting 2024-01-10 + +Previous meeting notes: https://github.com/haskell/security-advisories/blob/main/meeting-notes/2023-12-13.md + + +## 2023 H2 report + +- Draft sent to list; thanks for reviews. FT will publish today. + +## ZuriHac plans + +- We agree it's a good idea to have a project, e.g. `cabal audit`, Hackage server. +- Timeline: Jan for concept, March for concrete budget. +- Jose has contact points with cabal-install and HLS. hackage-server seems somewhat unloved. +- Maybe we prioritise getting hackage-server attention? + - Many security improvment should/could be done (e.g. 2FA) +- Can continue the discussion on list or GH issue (public). + +## Oustanding PRs + +- CWE library support. + +## Downstream toolling + +- Tristan already started something regarding tracking function calls +https://github.com/TristanCacqueray/cabal-audit +- Support to suppress false positives will be important, esp. because we have >0 advisories for *base*. This could be VEX and/or some other mechanism. + +## Publishing the HTML advisory index + +- Mihai: I was planning to look into the GHA but didn't get a chance yet
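Review bot: the new meeting-notes/2024-01-10.md in this hunk has three spelling errors in headings and bullets that will show up in the rendered notes: `## Oustanding PRs` should read `## Outstanding PRs`, `## Downstream toolling` should read `## Downstream tooling`, and `Many security improvment should/could be done` should read `Many security improvements should/could be done`. In the same hunk, the bare URL line `https://github.com/TristanCacqueray/cabal-audit` sits at column zero directly under its bullet; indenting it by two spaces (or joining it to the end of the bullet line) keeps it inside that list item instead of relying on lazy continuation, which some Markdown renderers handle differently.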