#fdio-meeting: FD.io TSC

Meeting started by dwallacelf at 15:00:49 UTC (full logs).

Meeting summary

    1. Vratko Polak proxying for Maciek Konstantynowicz. (vrpolak, 15:01:17)
    2. Joel Halpern (JoelHalpern, 15:01:44)
    3. Fan Zhang (fan_zhang, 15:02:30)

  1. Roll Call / Agenda Bashing (dwallacelf, 15:02:32)
    1. valderrv (valderrv, 15:02:33)
    2. Matt Smith (mgsmith, 15:02:37)

  2. Action Items (dwallacelf, 15:05:27)
    1. ACTION: Dhruv to ping ARM community for servers for CI (dwallacelf, 15:06:00)
    2. ACTION: Dave to ping Jerome for contact to Asterfusion for potential donation to CSIT for benchmarking (dwallacelf, 15:06:38)
    3. ACTION: Dhruv to set up a meeting with Maciek/Dave to discuss ARM additions to CSIT BOM (dwallacelf, 15:07:00)

  3. Infra (dwallacelf, 15:07:20)
    1. https://support.vexxhost.com/hc/en-us/requests/370118 <-- GNR RMA ticket. (vrpolak, 15:08:11)
    2. GNR server has been RMA'd (dwallacelf, 15:15:34)
    3. Kudo's to CSIT team (especially Tibor) for the deployment of the Hands-Free Release process.  It has proved to be a great benefit in the amount of work to produce the test results for the VPP Release reports. (dwallacelf, 15:31:58)
    4. CI has been stable this week. (dwallacelf, 15:32:25)
    5. Migration from mediawiki to Confluence/Github wiki is progressing.  VPP migration is complete.  Confluence migration still needs review and Casey's laptop broke causing loss of data in the migration verification. (dwallacelf, 15:33:42)

  4. SRT Vulnerabiliy Management V3 document (dwallacelf, 15:34:20)
    1. Discussion of updates to the SRT process (dwallacelf, 15:35:02)
    2. https://gerrit.fd.io/r/c/vpp/+/46075 (dwallacelf, 15:35:44)
    3. Issues raised include use of AI in determining whether an issue should be reported.  General concern with asking AI if an issue may be a security vulnerability -- in particular, potentially having AI training on the question causing the publication of an actual security vulnerability. (dwallacelf, 15:38:11)
    4. The current consensus is to NOT utilize AI to determine if a bug should be reported or classified as a security vulnerability. (dwallacelf, 15:39:23)
    5. The recommended best practice is to use the CVSS v4 calculator as an initial assessment tool and to directly communicate with the feaure Maintaine(s)r to bring the bug to their attention. (dwallacelf, 15:40:55)


Meeting ended at 15:41:11 UTC (full logs).

Action items

  1. Dhruv to ping ARM community for servers for CI
  2. Dave to ping Jerome for contact to Asterfusion for potential donation to CSIT for benchmarking
  3. Dhruv to set up a meeting with Maciek/Dave to discuss ARM additions to CSIT BOM


People present (lines said)

  1. dwallacelf (20)
  2. collab-meetbot` (14)
  3. vrpolak (2)
  4. JoelHalpern (1)
  5. fan_zhang (1)
  6. valderrv (1)
  7. mgsmith (1)
  8. edwarnicke (0)
  9. mackonstan (0)
  10. JeffShaw (0)


Generated by MeetBot 0.1.4.