meeting notes: 2024-07-24

meeting-notes/2024-07-24.md

@@ -0,0 +1,59 @@
+# SRT meeting 2024-07-24
+
+Previously:
+https://github.com/haskell/security-advisories/blob/main/meeting-notes/2024-07-10.md
+
+
+## GitHub dependabot integration
+
+- Gautier talked to Arnaud which made an integration attempt
+- Arnaud paired with someone in GH but they have not made
+  significant work on it
+- We may have to start over
+
+
+## Tooling
+
+- Finally merged the snapshots PR [(#179)][pr-179] (thanks Gautier)
+- Merged the CVSS v2.0 (+ OSV) fix [(#218)][pr-218] (thanks Tristan)
+- Adding the GHC ecosystem support [(#213)][pr-213]
+  - review in progress
+  - advisory for GHC numeric bugs [(#214)][pr-214] depends on this
+- CVSS 4.0 support [(#208)][pr-208]
+  - ping andrii for status update?
+
+[pr-179]: https://github.com/haskell/security-advisories/pull/179
+[pr-208]: https://github.com/haskell/security-advisories/pull/208
+[pr-213]: https://github.com/haskell/security-advisories/pull/213
+[pr-214]: https://github.com/haskell/security-advisories/pull/214
+[pr-218]: https://github.com/haskell/security-advisories/pull/218
+
+
+## Quarterly report
+
+- Was published:
+  https://discourse.haskell.org/t/haskell-security-response-team-2024-april-june-report/9983
+
+
+## Call for Volunteers
+
+- We should draft and publish one soon.
+- Q: call for a specific number, or wait and see?
+    - Be general and commit later.
+- We can mention particular projects / initiatives and applicants
+  can (optionally) identify the particular area(s) they'd like to
+  tackle.
+  - This includes development efforts, and "latent capacity" for
+    dealing with advisory or security incidents.
+- José will draft an announcement, and we will review on the mailing
+  list.
+
+
+## Mailing list
+
+- FT will make sure José is on it!
+
+
+## Bay Area Haskell meetup 
+
+- Mihai will present about SRT at a future session