meeting notes: 2024-11-27

meeting-notes/2024-11-27.md

@@ -0,0 +1,45 @@
+# Haskell SRT meeting 2024-11-27
+
+Previously: https://github.com/haskell/security-advisories/blob/main/meeting-notes/2024-11-13.md
+
+Present: Fraser, Gautier, Montez, Tristan
+
+## Onboarding
+
+The new team members have been introduced to the on-going work.
+
+## GitHub Open Source Secure Fund
+
+GitHub opened a program to [fund securisaton of FOSS projects](https://github.blog/news-insights/company-news/announcing-github-secure-open-source-fund/)
+until January 7th.
+
+- Project ideas:
+  - GitHub integration
+    - Correct file/line
+    - Snippet proposition/PR opening
+  - Hackage
+    - show known vulnerability info
+  - vulnerabilities endpoints (publish vulnerability info)
+    - e.g. `advisories.haskell.org/...`
+    - [API server (#166)](https://github.com/haskell/security-advisories/issues/166)
+  - improve the HTML presentation of the advisories
+    - https://haskell.github.io/security-advisories/advisory/...
+
+- OSV ask: `human_link` source definition
+    - https://github.com/haskell/security-advisories/issues/252
+    - We can already address this - link to e.g.
+      `https://haskell.github.io/security-advisories/HSEC-xxxx`
+      - Montez will take this side.
+    - But we should also improve the HTML presentation in those pages.
+      - Gautier will take this side.
+
+- OSV ask: JSON Schema validation
+  - https://github.com/haskell/security-advisories/issues/251
+  - JSON schema:
+    https://github.com/ossf/osv-schema/blob/main/validation/schema.json
+  - Tristan will take the first look
+
+- Onboarding
+    - Follow-up on mailing list membership for Lei and Montez
+    - Github org membership, sorted now, but Fraser to add this step
+      to the onboarding docs.