TSC Meeting Zoom link
Meeting Recording
Meeting Chat File
Attendees & Representation. Please add your name to the attendance table below.
Attendees | |
Name | Company |
Daniel Havey | Microsoft |
Eric Tice | WIpro |
Jason Niesz | Walmart |
Wipro | |
Dave Thaler | Microsoft |
Dhivya R | Walmart |
Nitin K Taur | |
Satya Pradhan | Walmart |
Santhosh Fernandes | Walmart |
Kiran KN | Wipro |
Luka Perkov | |
LF Staff: LJ Illuzzi
Agenda
Meeting note taker
Welcome to new attendees
- List of L3AF Contributors and Committers for LFN Badges
- LFN Intern/Mentorship Program
- LFN Status of storage for storing eBPF package repository artifacts
- Reporting of security issues - new groups.io list (https://lists.l3af.io/g/security)
General Topics (cover as needed)
Use Cases
Roadmap
Project structure
Governance
Technical Steering Committee
- PR's
- License issue
Minutes/Updates
- Reporting security issues
- List as placeholder created as a way to support security issues that are not public
- Anyone can send messages, but it is not public and only members can view
- Initial list: all members of the TSC: Jason, Santhosh, Eric, Dave, Lj
- Short term solution
- Qualifications for TSC and security are not the same
- Working with PM for LFx security: Will be on Apr 27, 2022: Overview and getting started.
- Propose that we also overview on license and export scan tools. Apr. 20, 2022(?)
- Is there overlap between the 2 tools?
- List as placeholder created as a way to support security issues that are not public
- PRs
- #47 mTLS support: please review
- Completes a piece of the loopback/non-loopback design
- #33: Governance
- Updated removal section
- Approved. Forward to TAC
- Issue #15
- Must be done by WallMart
- SPDX identifier of the license changed, not matching at the bottom.
- Kernel will accept dual with GPL in it.
- Santhosh: Need to retest.
- bpf_ipfix_egress_kern.c - please make dual license
- Must be done by WallMart
- Commit hook from gitHub that checks the license?
- Please do: https://github.com/l3af-project/eBPF-Package-Repository/issues/18
- By default: block things that just say GPL?
- Example: BSD string, and instead of or them
- Two legal strings: Dual licensed GPL and ... or Apache 2.0: According to charter
- What happens if the license is the code?
- Look for GPL or whitelist?
- Whitelist is easiest.
- If needed in the future we can expand.
- #47 mTLS support: please review
- PR #70
- Request for review
- Step 2: Testing for Windows.
- Only Makes the programs compile, does not test the programs themselves
- rate_limiting and xdp_root
- Please put Dave on the code owners list for l2af-project repos
- Work in progress PR on process for this
- TSC makes the call. Approved
- Each repo needs a PR to update code owners
- Admin can make the settings change. (Santhosh). Done.
- Storage through LFN
- Left off: understand what level of subscription that we need
- Figure out how it gets paid for
- Jason: Getting input from legal (WallMart)
- Lj: Start with cost. Then we can consult the LFN on the model
- Can use free tier to get started.
- Figure out what services fit the model.
- Hone in on the platform so that we don't have to rip it all out and replant somewhere else.
- PR #14
- Someone generated a request for doc readability
- Has merge conflict. Hasn't been addressed for a couple of months.
- Santhosh: Just close it. The changes have already made it into the doc
- Someone generated a request for doc readability
- PR #8 Storage
- Is Azure an option? MSFT is a member and AWS is not.
- Might be easier to justify.
- Why is LFN dictating that we must use Amazon?
- This complicates things for us. We don't have relationship with AWS.
- Santhosh: Azure blob
- Please ask on Slack
- Is Azure an option? MSFT is a member and AWS is not.
Action Items
Future Agenda Items
- LFx Security Overview and Getting Started scheduled for 04/27
- Proposal that the community receive an overview on license and export compliance scan tools. Queue this up for 04/20?