From ccf4e52c578ae429ab9ccb0213c30af70eb0e8f4 Mon Sep 17 00:00:00 2001 From: Tristan Cacqueray Date: Wed, 12 Jun 2024 16:21:34 -0400 Subject: [PATCH 1/3] meeting notes: 2024-06-12 --- meeting-notes/2024-06-12.md | 35 +++++++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) create mode 100644 meeting-notes/2024-06-12.md diff --git a/meeting-notes/2024-06-12.md b/meeting-notes/2024-06-12.md new file mode 100644 index 00000000..36e35f78 --- /dev/null +++ b/meeting-notes/2024-06-12.md @@ -0,0 +1,35 @@ +# SRT meeting 2024-06-12 + +Previously: +https://github.com/haskell/security-advisories/blob/main/meeting-notes/2024-05-29.md + +## haskell.org security page + +There is now https://www.haskell.org/security/ + +We still need to configre subdomains so advisories (which was redesigned to be compliant with Haskell Foundation design) index is automatically updated. + +## CVSS Version 4 + +Initial PR to support CVSS Version 4 [#208](https://github.com/haskell/security-advisories/pull/208) + +## Fixed git timestamp parsing logic + +Switched to UTCTime everywhere to avoid unexpected issues [#201](https://github.com/haskell/security-advisories/pull/201). + +## Snapshots to distribute advisories + +Gautier worked on [#179](https://github.com/haskell/security-advisories/pull/179) to introduce a new export mode to hsec-sync to help downstream user (without git dependency). + +## Ecosystem Workshop + +Fraser introduced the SRT at the ZuriHac workshop. +The main issue to tackle is the SBOM with SPDX + +## 2024 April\u2013June report + +Fraser mostly completed it, we might want to add the slides he has used during ZuriHac Ecosystem Workshop in the repository. + +## Advisory database + +Additionally, 2 HSEC ID has been reserved for an embargoed vulnerability that we anticipate will be published in Q3. From 4174c29bb45f46a6f3a72e7d6a7f869f2337f59f Mon Sep 17 00:00:00 2001 
From: Mihai Maruseac Date: Wed, 12 Jun 2024 18:14:58 -0700 Subject: [PATCH 2/3] Apply suggested change Co-authored-by: Gautier DI FOLCO --- meeting-notes/2024-06-12.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/meeting-notes/2024-06-12.md b/meeting-notes/2024-06-12.md index 36e35f78..ff207d6e 100644 --- a/meeting-notes/2024-06-12.md +++ b/meeting-notes/2024-06-12.md @@ -24,7 +24,8 @@ Gautier worked on [#179](https://github.com/haskell/security-advisories/pull/179 ## Ecosystem Workshop Fraser introduced the SRT at the ZuriHac workshop. -The main issue to tackle is the SBOM with SPDX + +The main issue to tackle is the SBOM (e.g. with SPDX). ## 2024 April\u2013June report From 2e71f01f920c57b792aa001784d0b14d8e8f3e35 Mon Sep 17 00:00:00 2001 From: Mihai Maruseac Date: Wed, 12 Jun 2024 18:15:04 -0700 Subject: [PATCH 3/3] Apply suggested change Co-authored-by: Gautier DI FOLCO --- meeting-notes/2024-06-12.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meeting-notes/2024-06-12.md b/meeting-notes/2024-06-12.md index ff207d6e..0864dba4 100644 --- a/meeting-notes/2024-06-12.md +++ b/meeting-notes/2024-06-12.md @@ -27,7 +27,7 @@ Fraser introduced the SRT at the ZuriHac workshop. The main issue to tackle is the SBOM (e.g. with SPDX). -## 2024 April\u2013June report +## 2024 April-June report Fraser mostly completed it, we might want to add the slides he has used during ZuriHac Ecosystem Workshop in the repository.
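Review bot: In [PATCH 1/3], under "haskell.org security page", "configre" should be "configure", and the parenthetical separates "advisories" from "index" so the sentence is hard to parse. Suggested wording: "We still need to configure subdomains so the advisories index (which was redesigned to be compliant with the Haskell Foundation design) is automatically updated." In the same hunk, the "Advisory database" section opens with "Additionally," although nothing precedes it in that section, so either a sentence is missing or the word should be dropped. "2 HSEC ID has been reserved" should read "2 HSEC IDs have been reserved", and "downstream user" under "Snapshots to distribute advisories" should be plural. Neither of the two follow-up patches touches these lines.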
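Review bot: In [PATCH 2/3], the reworded line "The main issue to tackle is the SBOM (e.g. with SPDX)." still has no link or owner, while the other sections of the notes point at a PR (#208, #201, #179). If a tracking issue exists for the SBOM work, link it here so the item can be followed up at the next meeting.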
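Review bot: In [PATCH 3/3], the heading fix replaces the literal "\u2013" escape with an ASCII hyphen, whereas the escape encodes an en dash (U+2013). If the dash was intended for the date range, write that character directly in the heading; if the hyphen is preferred, the change is fine as is. Either way, the broken escape is introduced in [PATCH 1/3] and only corrected two commits later, so squashing this fix into the first patch would keep the literal "\u2013" out of the history.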