Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Meeting 2024-11-20 minutes #53

Open
wants to merge 8 commits into
base: main
Choose a base branch
from
Open
Changes from 4 commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
165 changes: 165 additions & 0 deletions meeting-minutes/2024-11-20.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,165 @@
# 1. Opening Activities

## 1.1 Opening comments (Co-Chair)

## 1.2 Introduction of participants/roll call (Co-Chair)

Quorum requires participation of 9 or more of the 17 voting members (including the officers).

| First Name | Last Name | Company | Role(s) | Present |
|:-----------|:-----------|:------------------------------------------------------------|:--------------------------|:--------|
| Adrian | Diglio | Microsoft | Voting Member | NO |
| David | Kemp | National Security Agency | Member | NO |
| Denny | Page | Individual | Voting Member | YES |
| Duncan | Sparrell | sFractal Consulting LLC | Voting Member | NO |
| Feng | Cao | Oracle | Member | YES |
| Harin | Sarda | Cisco Systems | Voting Member | YES |
| Jautau | White | Microsoft | Voting Member | YES |
| Jeremy | Rickard | Microsoft | Member | NO |
| Justin | Murphy | DHS Cybersecurity and Infrastructure Security Agency (CISA) | Co-Chair | YES |
| Kris | Vandecruys | Cisco Systems | Voting Member | YES |
| Kunal | Modasiya | Qualys, Inc. | Member | NO |
| Langley | Rock | Dell | Voting Member | YES |
| Martin | Prpic | Red Hat | Voting Member | NO |
| Omar | Santos | Cisco Systems | Co-Chair | YES |
| Pablo | Quiroga | Qualys, Inc. | Voting Member | YES |
| Peter | Gephardt | IBM | Member | NO |
| Przemyslaw | Roguski | Red Hat | Voting Member | YES |
| Shridhar | Chari | Cisco Systems | Member | NO |
| Sonny | van Lingen | Huawei Technologies Co., Ltd. | Voting Member | YES |
| Stefan | Arntzen | Huawei Technologies Co., Ltd. | Voting Member | YES |
| Stefan | Hagen | Individual | Secretary, taking notes | YES |
| Thomas | Proell | Siemens | Member | NO |
| Thomas | Schaffer | Cisco Systems | Voting Member | NO |
| Thomas | Schmidt | Federal Office for Information Security (BSI) Germany | Voting Member | YES |
| Tobias | Limmer | Siemens | Member | NO |

Quorum was reached (13 voting members present)

## 1.3 Procedures for this meeting (Moderator)

## 1.4 Approval of agenda

* Roll Call
* Updates:
* Happy (belated) birthday OpenEOX!
* CSAF Community Days Dec 12th and 13th
* <https://oasis-open.github.io/csaf-documentation/communitydays/>
* CVE and CPE discussion (Feng and Przemyslaw)
* Approval of previous meeting minutes (motions carried out per e-mail motions)
* Review of outstanding issues and pull requests marked for TC discussion: https://github.com/oasis-tcs/openeox
* [Meeting minutes August and September #50](https://github.com/oasis-tcs/openeox/issues/50)
* [CISA proposed definition for "security support" as part of NCSIP Initiative 3.3.2 #51](https://github.com/oasis-tcs/openeox/issues/51)
* [End-of-Software Maintenance #29](https://github.com/oasis-tcs/openeox/issues/29)
* based onn last month's discussion for [Using "End" word in the lifecycle definitions #38](https://github.com/oasis-tcs/openeox/issues/38)
* [End-of-Security Vulnerability Support #32](https://github.com/oasis-tcs/openeox/issues/32)
* [Suggested new optional field "successor" #3](https://github.com/oasis-tcs/openeox/issues/3)
* Next steps

Agenda aggreed.

## 1.5 Approval of previous minutes (Moderator)

None (motions carried out already per e-mail motions).

## 1.6 Review of action items and resolutions (Secretary Stefan)

None

## 1.7 Identification of TC voting members (Secretary)

- the roster is out of sync so no statements on member status changes possible during meeting

### 1.7.1 Prospective voting members attending their first meeting

### 1.7.2 Members attaining voting rights at the end of this meeting

### 1.7.3 Members losing voting rights if they have not joined this meeting by the time it ends

### 1.7.4 Members who previously lost voting rights who are attending this meeting

### 1.7.5 Members who have declared a leave of absence

# 2. Future Meetings

## 2.1 Future meeting schedule (Secretary)

- Scheduled Teleconferences (Wednesday at 09:00 PT / 12:00 ET / 18:00 CET / **17:00** UTC for 1 hour)

```
December 18, 2024
```
- regrets from Stefan Hagen

# 3. Discussion

- [Meeting minutes August and September #50](https://github.com/oasis-tcs/openeox/issues/50)
- Stefan: Please provide the recordings to fix the roster
- Justin: Will see that the recordings will be sent to Stefan for extracting
- [CISA proposed definition for "security support" as part of NCSIP Initiative 3.3.2 #51](https://github.com/oasis-tcs/openeox/issues/51)
- Justin: Motivates the issue and invites everyone to discuss the proposed definition in the issue
- Langley: We are responding to security events or security incidents, but not to security risks
- [End-of-Software Maintenance #29](https://github.com/oasis-tcs/openeox/issues/29)
- ... based onn last month's discussion for [Using "End" word in the lifecycle definitions #38](https://github.com/oasis-tcs/openeox/issues/38)
sthagen marked this conversation as resolved.
Show resolved Hide resolved
- Justin: Moves to close the issue [Using "End" word in the lifecycle definitions #38](https://github.com/oasis-tcs/openeox/issues/38)
- Przemyslaw: Seconds
- No discussion, all in favor, motion acarries
sthagen marked this conversation as resolved.
Show resolved Hide resolved
- Przemyslaw: Updated the proposal to focus (at least for now) on only the end of periods and to allow specification of scopes
- Langley: Coupling feature with security updates? Feature is evolution, while maintenance is conserving, no?
sthagen marked this conversation as resolved.
Show resolved Hide resolved
- Przemyslaw: Agrees. The scopes present were added as examples
- Feng: Example term support; We may have a problem with not yet having agreed on universal definitions for support which may be different from supplier to supplier
- Przemyslaw: Such scopes may be defined per supplier, do not have to be universal
- [End-of-Security Vulnerability Support #32](https://github.com/oasis-tcs/openeox/issues/32)
- Skipped
- [Suggested new optional field "successor" #3](https://github.com/oasis-tcs/openeox/issues/3)
- Skipped

## 3.1 Next steps

* Keep on discussng on GitHub and mailing list

# 4. Other Business

- Feng: Submitted use cases and thinks these should be discussed before being able to practically discuss terms
- Thomas Schmidt: Yes, but should not block discussions on terms
- Cf. <https://github.com/oasis-tcs/openeox/blob/main/value-scenarios/README.md> split per:
- <https://github.com/oasis-tcs/openeox/tree/main/value-scenarios/contributor-scenarios>
- <https://github.com/oasis-tcs/openeox/tree/main/value-scenarios/general-scenarios>
- Langley: Agrees that some commonality needs to be reached
- Przemyslaw: Thinks we already discussed and agreed; in any case we should progress towards a "minimal viable product"-like set of definitions / schema
- Justin: Place use cases discussion on agenda for December meeting
- Thomas: Open to both sequences of steps; the schema can always follow. If we need discuss scenarios first, we should follow, but we should progress no matter in which order.
- Feng: Emphasizes his priority for reaching a common ground to be able to place OpenEOX on the market place
- Justin: Proposes to invite everysone to visit the submitted scenarios and for others to submit or modify missing or incomplete scenarios and then follow over the next couple of meetings to share the scenarios
- Sonny: Maybe use a full day or even a face to face meeting with a white board to discuss?
- Justin: We could add an extra meeting for that purpose and bring back the resulkts to the regular TC meetings
sthagen marked this conversation as resolved.
Show resolved Hide resolved
- Thomas Schmidt: Feel free to use the CSAF Community Days for such discussions
- Justin: Repeats his proposal and likes to progress with the issues noted on the draft agenda
- Pablo: Likes us to summarize where we are on next meeting and create a timeline to not rush but also share a common plan to ensure progress monitoring; iterations but no cycles
- Justin: Likes that and proposes that during the December and January 2025 meeting everyone presents their use cases / scenarios in say 15 minute time slots to then produce a rough timeline
- Przemyslaw: Let us go for that and he even likes to present their use cases first
- Justin: Let us start with 3 people starting please notify when you are ready
- Jautau: Maybe we will lose relevance when instead of end of maintenance we allow to state enf of whatever mean with maintenance
- Thomas: Encourages everyone to provide input so that together we can decide the way forward

# 5. Resolutions and Decisions reached (by 10 minutes prior to scheduled meeting end)

## 5.1 End debate of other issues by 10 minutes prior to scheduled meeting end and follow the agenda from this point (Co-Chair)

## 5.2 Review of Decisions Reached (Secretary)

DECISION to present use cases and scenarios during the December and January (2025) meetings

## 5.3 Review of Action Items (Secretary)

ACTION on all to prepare and propose 15 minute presentations of use cases and scenarios for December and January (2025) meetings

# 7. Next Meeting

```
December 18, 2024
```

# 8. Adjournment

Meeting was adjourned.