04-13-2022 TSC Meeting Minutes
Attendees & Representation. Please add your name to the attendance table below.
Attendees | |
Name | Company |
@Daniel Havey | Microsoft |
@Eric Tice | Wipro |
@Jason Niesz | Walmart |
@VM (Vicky) Brasseur | Wipro |
@Dave Thaler | Microsoft |
@Dhivya R | Walmart |
Nitin K Taur | Walmart |
@Satya Pradhan | Walmart |
@Santhosh Fernandes | Walmart |
@Kiran KN | Wipro |
@Luka Perkov | |
LF Staff: @LJ Illuzzi
Agenda
Meeting note taker
Welcome to new attendees
List of L3AF Contributors and Committers for LFN Badges
LFN Status of storage for storing eBPF package repository artifacts
Reporting of security issues - new groups.io list (https://lists.l3af.io/g/security)
General Topics (cover as needed)
Use Cases
Roadmap
Project structure
Governance
Technical Steering Committee
PRs
License issue
Minutes/Updates
Reporting security issues
List as placeholder created as a way to support security issues that are not public
Anyone can send messages, but it is not public and only members can view
Initial list: all members of the TSC: Jason, Santhosh, Eric, Dave, LJ
Short term solution
Qualifications for TSC and security are not the same
Working with PM for LFx security: Will be on Apr 27, 2022: Overview and getting started.
Propose that we also get an overview of license and export scan tools. Apr. 20, 2022(?)
Is there overlap between the 2 tools?
PRs
#47 mTLS support: please review
Completes a piece of the loopback/non-loopback design
#33: Governance
Updated removal section
Approved. Forward to TAC
Issue #15
Must be done by Walmart
SPDX identifier of the license changed, not matching at the bottom.
Kernel will accept dual with GPL in it.
Santhosh: Need to retest.
bpf_ipfix_egress_kern.c - please make dual license
Commit hook from GitHub that checks the license?
Please do: https://github.com/l3af-project/eBPF-Package-Repository/issues/18
By default: block things that just say GPL?
Example: BSD string, and instead of or them
Two legal strings: Dual licensed GPL and ... or Apache 2.0: According to charter
What happens if the license is the code?
Look for GPL or whitelist?
Whitelist is easiest.
If needed in the future we can expand.
PR #70
Request for review
Step 2: Testing for Windows.
Only makes the programs compile; does not test the programs themselves
rate_limiting and xdp_root
Please put Dave on the code owners list for l3af-project repos
Work in progress PR on process for this
TSC makes the call. Approved
Each repo needs a PR to update code owners
Admin can make the settings change. (Santhosh). Done.
Storage through LFN
Left off: understand what level of subscription that we need
Figure out how it gets paid for
Jason: Getting input from legal (Walmart)
LJ: Start with cost. Then we can consult the LFN on the model
Can use free tier to get started.
Figure out what services fit the model.
Hone in on the platform so that we don't have to rip it all out and replant somewhere else.
PR #14
Someone generated a request for doc readability
Has merge conflict. Hasn't been addressed for a couple of months.
Santhosh: Just close it. The changes have already made it into the doc
PR #8 Storage
Is Azure an option? MSFT is a member and AWS is not.
Might be easier to justify.
Why is LFN dictating that we must use Amazon?
This complicates things for us. We don't have a relationship with AWS.
Santhosh: Azure blob
Please ask on Slack
Action Items
Future Agenda Items
LFx Security Overview and Getting Started scheduled for 04/27
Proposal that the community receive an overview on license and export compliance scan tools. Queue this up for 04/20?