meeting notes: 2024-06-12

meeting-notes/2024-06-12.md

@@ -0,0 +1,35 @@
+# SRT meeting 2024-06-12
+
+Previously:
+https://github.com/haskell/security-advisories/blob/main/meeting-notes/2024-05-29.md
+
+## haskell.org security page
+
+There is now https://www.haskell.org/security/
+
+We still need to configre subdomains so advisories (which was redesigned to be compliant with Haskell Foundation design) index is automatically updated.
+
+## CVSS Version 4
+
+Initial PR to support CVSS Version 4 [#208](https://github.com/haskell/security-advisories/pull/208)
+
+## Fixed git timestamp parsing logic
+
+Switched to UTCTime everywhere to avoid unexpected issues [#201](https://github.com/haskell/security-advisories/pull/201).
+
+## Snapshots to distribute advisories
+
+Gautier worked on [#179](https://github.com/haskell/security-advisories/pull/179) to introduce a new export mode to hsec-sync to help downstream user (without git dependency).
+
+## Ecosystem Workshop
+
+Fraser introduced the SRT at the ZuriHac workshop.
+The main issue to tackle is the SBOM with SPDX
+
+## 2024 April\u2013June report
+
+Fraser mostly completed it, we might want to add the slides he has used during ZuriHac Ecosystem Workshop in the repository.
+
+## Advisory database
+
+Additionally, 2 HSEC ID has been reserved for an embargoed vulnerability that we anticipate will be published in Q3.