 Hello. Hi, everybody. Good morning, everybody. Hey, Sean. Sorry for the confusion, Tracy. I thought I was in the wrong room. So I just guess. All right. Welcome everybody to the December 1st hyper ledger technical oversight committee call. As you are all aware, you've been on this call before two things that we must abide by the first is the antitrust policy notice that is currently displayed on the screen. And the second is our code of conduct. Which is linked in the agenda. So as far as announcements go today, we have the standard announcements of the Dev Weekly developer newsletter that goes out each Friday. If you have something that you want to include in that newsletter, please leave a comment on the wiki page that is linked in the agenda. Any other announcements that anybody has or would like to make? Yeah, Angelo. So probably this and this, this thing will not be of interest for money, but I just wanted to take the chance because I, I didn't run again for, for the, the TOC. I just want to take the chance. And you never know to, to say thank you to everybody. I really enjoyed all the discussion. I learned a lot also from the interactions that we had in the past, in the past years. So a really big thank to, to everybody for this opportunity and for this great experience. Thanks a lot. Thanks Angelo. And yes, thanks for being on the TOC for the last year. It's been, it's been great to have a voice. Thank you. Thank you so much. Thank you. I think that is the. Curious and interested about what's happening in the technical space. So thank you for that. Any other other announcements that anybody would like to make? All right. So speaking of the upcoming TSE and the election. The election did close yesterday. I saw that we had 77 votes that came in. We didn't vote in the technical oversight committee. So it's. Somewhat disappointing that we moved to. Maintainers only people we thought would be interested in. Voting for the upcoming technical oversight committee folks. To not see a larger number there. But maybe we'll have to do some. Some conversations with some of the people who didn't vote to see why they didn't vote in what we could do differently in the future. We do not have the results yet because the next step is that the governing board. As you recall has to elect. Five. People. Five additional people to the list of technical oversight committee members. And so that will be. Starting here shortly. So I think that's a good point. I think that the staff is working on getting the information gathered from what. What the results were. And also putting together some information on. The individuals. That. That we have as far as diversity and things like that. So. Probably mid December is when we'll see the results coming back in. For the next year's technical oversight committee. In the next year's technical oversight committee will see the results coming back in. As soon as it's available. After that, as you are probably all aware. The next steps would be to elect the TOC chair and vice chair. Or no. Yes. Hi everybody. Thank you, Tracy. No, I just wanted to comment on the election process. I think, you know, given the more numbers of vote, if we had said, okay, you have two weeks to vote, it doesn't feel like we would have lost a lot. I don't know that for a fact, obviously, but especially given the, the additional stage of having to go to governing board. I think, you know, two week period to vote to cast the votes probably was good enough. But we might want to think about that in the future. Yeah. Yeah. No, thanks. I will tell you that probably a third of the people voted this week. A third of the people who actually voted. I think it went from 50 to 77. And this week. So. I don't know if that's because we pushed people. Yeah. So, you know, we pushed people. Yeah. Yeah. Okay. I completely hear you though. Yes. Your point is taken as well. So. Thank you for that. All right. Any other comments on just the technical oversight committee election or any other other announcements that people have? Hey, Tracy. So I know like previously we refrain from doing it, but since this time the election was focused. Only to maintainers can be this time. Do some. I mean, the analytics is visible to us. Who has voted was not. Can we try to get feedback from them? The maintainers were not participating. Yeah. I think that's a really good idea. I think it's just reaching out and seeing if we can get a summary of why they didn't vote. You know, I don't know what those choices might look like if we were to do a choice sort of thing, or if it's just a open ended question, tell us why you didn't vote. But I do think it's worthwhile to see and. Understand, right? What, what, what the reasoning is for that. All right. Any other. Comments or announcements? Not seeing any. We did. We haven't met for about a month. And so we have a number of quarterly reports that did come in. In the past month. And. As I was going through them this morning, I didn't see any open or out. Standing questions about any of those reports. It looks like all the questions that were asked were answered or. Any comments that were made were. Updated in the, the actual reports, but did anybody have any questions or anything that we should talk to. The, the communities about related to their quarterly reports. We'll take that as a resounding no. The upcoming reports. We did get the cellar report that came in. Already this week. So. That one's available. The Ursa report. It's probably worthwhile to have a conversation with the Ursa team. I know they just gave us their Q through Q3 report. Not too long ago. And so it may be. That they're not thinking about the Q4 report yet. So we'll just have to maybe reach out to them and see, and see what the status is there. And then for next week, the reports that we're looking to get. And I think these are the remainder of the reports for the year or the basic caliber and firefly reports. All right. Any, any questions on any of the reports before we move on to the discussion items. So for discussion today, I wanted to talk about the status updates for the task forces that we've kicked off. For this particular year. I want to see. And what we're waiting on. How do we close these out? Is there anything that can be done to, to move us beyond where we're at to move these forward. You know, I, I. There was another task force that we had, which I ended up closing out. Because. What we decided was that it was really the, the staff decision as far as, you know, what gets priority and how do we present this. However, I do recall from that task force. That one of the things that was, we were waiting on was to see some mockups for some of the. New web pages. And so. I don't see Mr. Boswell on the call today. To give us an update on that. But I think that's one of the things that we are waiting for. Just to, to see how we. Lake the different projects together on the website. Oh, you are on the call, David. How did I miss you? Oh, you were at the top. Co-host. Yeah. David. Do you have any updates on that? Yeah. Quick update on that. Unfortunately, this gotten tied up with some web dev. Other web dev issues on the site. The plan was to launch it on the current site. Earlier this year in time for global forum, but then the web dev team decided that it would probably be best to wait. Long story short, the, there's going to be a redesign of the site early next year where the site moves to a different flat hosting platform. And so the web dev team didn't. Ultimately decided it didn't make sense to code it once for WordPress and then have to recode it just a few months later for a different platform. So their recommendation was to hold off. And. Do that when we launched the new site and sorry for not providing updates sooner. We've just been trying to sort out the exact timing and details on our end and all of that is not yet. Fully final on our end, but the web dev team did decide. It did make the most sense not to go ahead and do it on WordPress. So. We'll give you updates soon when we know more of timing, but. We'll be a little bit later than we had hoped in terms of getting it posted. All right. Thanks, David for that. Update. So yeah, let's go through the other task forces then and see where they're at and what can we do to get them closed out or move them forward. So the first one is the project gaps task force. Dana, I know. We had done a lot of different things. About, you know, what kind of projects we have, what kind of projects we don't have, what labs exist that might fill in some of the gaps. Where are we at specifically with this task force and what do we need to do. To, to move this forward. So the, the goals was to produce a list of labs that would go in and possible holes. And on the page, the recommendations. Delivered on that. In August, we kept it open over Hyperledger global form. In case some of the chatter at the global form. Prompted us to add more. Entries or gaps or whatever to the, to the list and none of those surface. So, you know, based on the objective set out when we form the task force, it's delivered. It's its product. Which was that recommendations page. Okay. So we can then move this forward. It's, it's product. Which was that recommendations page. Okay. So we can then move this to the prior task force list. As far as what it has. Where we're at with that. Correct. So we can take that action to do that. Okay. Great. Thanks, Dan. Jim, the project health dashboard. Yeah, thanks, Tracy. So this one, I think we originally set this up to deliver some automated content into each of the project reports. We achieved the, the first step of identifying what needs to going there to reflect accurately with data. The, the, the project health. But we haven't achieved this. The initial goal of doing the automation. It's mainly due to resource constraints coding. Coding wise and setting up infrastructure. But we did manage to give the output to the Linux foundation inside team as input for their future enhancements. So I think we have the option of closing this off with the reduce the scope and just consider the, the, the output being just the report itself. And then we can always choose to act on that. In the future when we do have resources available. Okay. So one of the things that I was thinking about with this and another conversation that I had was around whether or not we wanted to have some sort of. You know, let's call it a spreadsheet for sake of ease. That basically provides a list of things that we would expect from projects. Things like maintainers file. These are the easy things, right? Things like maintainers files, contributor files. Things that talk about how do you become a maintainer? You know, all of the basically good practices or best practices for, for being a successful kind of open source project. And then just the, you know, kind of a check mark, yes or no next to it. I know right now we're kind of doing that in the project reports. But I'm wondering if there's a different way for us to do that and kind of have it all in one location. And basically something that we could maintain as we kind of go through and see these things getting completed or finished. It's not quite the same. I think is what this dashboard was and is intended to be within insights, but I'm wondering if it does help us in some way just to be able to understand kind of these, these best practices, if you will. Yeah, yeah, I think the, the report that we ended up with can be easily turning to express sheet format. And I'd be happy to help with that. So we can have that sort of as a self either as a self evaluation or as a set of format for projects to self report on their projects to be able to, to be able to, to be able to have related to the documentation of how their projects are run. And I think this, these are the key things that we can do. And I think we can do that as well. Yeah. Yeah. Yeah. That would be great. Yeah. And I know. I think this is coming out of some of the conversations you and I had as well about some of the things that we'd like projects to be able to. To be able to have. Um, and I think this, these are the two things that came together in my head to create kind of this spreadsheet of check marks of yes, no, um, sorts of things, um, maybe even pointers to where those things are, uh, if you will, so that people can easily find, uh, where things are documented because I don't feel like we're very consistent across our projects and where we document some of these things. Um, some of them have them, uh, in maintainers files, some of them have them in contributors files, right? So like there's, there's just different places where things are captured. And I just want to make sure that we have a, um, you know, uh, one place kind of to go look and see how our projects are doing and, uh, maybe. You know, a directory for people who are interested in getting involved in certain projects. Totally agree, Tracy. Thanks for bringing this up. Yeah. All right. Uh, anything else then on project health dashboards that we should. That anybody has any commentary on. Um, hi, it's Dave. Uh, I agree with your points about consolidating that information. And there's also a few of the questions that are in each of the projects reports that. I've been there for like most of the year and people would just copy paste, I think. So it'd be good if those things got moved to the common spreadsheet or the common page will have where we do it. And then the project reports, maybe just link to that. And you can say, do you have any updates. On the comment page, that type of thing. Yeah, I think that's a really good idea. Dave, I saw similar sorts of, I was thinking similar sorts of things when I was looking at some of the newest reports that came in, it's like, that looks very similar to what I saw last, last time they reported, right? Um, so yeah, I'm agreeing with the copy paste and how that might just, uh, you know, some of the stuff is just not needed there in the project reports anymore. All right, anything else then. On this particular topic. All right. So then the last task force that we have is the security task force. So Arun, I know you've been hosting some meetings. Wouldn't just see if we could get an update from you on what the status is and what kind of steps we are taking or need to still take to get this one closed out. Sure, Tracy. Hey, everyone. So in terms of update, we still stand at the same place as what was updated in the previous day's TOC call, which is where we have certain action items that were supposed to be written down. For instance, in our initial proposal, we had the easy targets achieved. But after that, taking the feedback from the TOC, we went back and then verify the other proposals. And out of those proposals, like the after multiple discussions, we realized that some of the open SSF recommendations are to be proposed. Or here in hyperlature for immediate implementation. I apologize because I haven't been able to follow up since the global forum event. But yes, the task force itself has completed for now. The tasks that were to be done. However, the one of the proposal that we had as part of the task force itself is security is not one time activity, which we should be reviewed. And then once we put up these 10 or 15 items that it's done, but rather it should be continuously evaluated as well. So that is an open item, which I still see that we end up discussing. For instance, in the previous call as well, I'm not brought up a tool that we should be leveraging in our build process. This Nike tool reports, right? So that's where we stand right now. And currently the task force meetings have been canceled, the Tuesday meetings. I guess there was a conflict and then the rescheduling of that is not done because I was occupied in the past month. I, again, apologize for that. That's the current status. Okay. So there is, sorry, on this night tool that I'm not brought up. I was not also aware of that. The next foundation has already provided that in the, in the dashboards that are available for all the projects. The discussion that we had in the previous task force meeting was to go through that and then recommend how the projects teams can start using that. We already saw some of the project teams have been taking measures to mitigate some of those risks reported by the tool. I'm not sure if those reports were shared through this tool or through some other needs, but the tool has captured those status as well. Okay. Yes. So, you know, I, I, I claim a responsibility or take responsibility for having started this. I still feel that we have a lot to do in that space. And I mean, I, you know, I don't think you have to apologize. We all get busy at times and that's okay. I mean, you know, I thank you for trying to be this anyway. But, you know, it's, I, we started this. That was based on my report that the open SSF had produced a guide for on, you know, for open source project and how to handle vulnerability disclosures. And then, you know, I'm very much involved in open SSF these days. And I can tell you that the list of tools and recommendations keep increasing all the time. And I think in general, you know, especially given the space we're in with blockchain, which is pretty security sensitive. I mean, those recommendations are true for any open source project. But, you know, as I was saying, just, just if anybody should care, it should be us because in a blockchain space, we care about security and maybe more than anybody else. And so I think we, there is a lot to learn from the recommendations that, you know, Arun was referring to some of the tools that are being, you know, pointed to there are some that are actually developed by open SSF itself that help, you know, track the packages, for instance, that you're using in your, in your software, and it will alert you automatically if there's a vulnerability that has been disclosed in one of the, or found in one of the packages you depend on. And so, you know, the other part is, you know, a lot of this has to do with providing attestations about, you know, ensuring the provenance of the tools. And so, again, the software is also starting to provide some of those tools, but then then it's returned on by default. And sometimes it's just a matter of going change the, the, you know, your GitHub settings to get to use those new features. And, and the other part is, you know, there's a lot of new features and so again, the software we're developing so that people can use them knowing that they're actually using the genuine version and stuff like this. So there's a whole array of things that need to be done that, you know, as we say nowadays, it's like to improve the security posture of a projects. And so I think this, you know, this task force is still very much needed. You know, I see this as a way to try to, you know, go through all these different options that are being brought up and recommendations and try to figure out what it means for us. I predict her. And so that we can then turn around, you know, and tell our community are different projects. Okay. These are guidelines that we really want you to follow. All right. Make sense. I agree with our know, I think we have, you know, we have a lot of stuff to do. This, you know, I expect this will be a fairly long-term effort. But in the near future, you know, we'd like to get, you know, more precise bug bounty programs rolled out. And we'd also like to, you know, formalize a security audit process as well as, you know, trying to, I don't know if standardized is the right word, but trying to help formalize CV. I guess even if we can't mandate them CV best practices. So I totally just want to briefly agree with what Arnaud said. Okay. So it sounds to me, if I'm hearing correctly that we've still got some work to do and it's going to be around documenting guidelines and best practices for security. So potentially implementing some programs within the Hyperledger Foundation as a whole. Is there, with the first part, how much of what's being done in open SSF is applicable to that? Or are we creating separate from open SSF? I'm trying to figure out what the, what the relationship is between Hyperledger Foundation and open SSF and in this kind of task force. Absolutely. Yeah. I mean, we're, we're trying to get people to adopt the best open SSF practices. Right. Right now we don't have any formal policies say on CVE disclosure, right? And when we talked about that last time earlier this year, you know, people were hesitant to follow the open SSF best practices. So I agree. I mean, it's not about creating our own policies per say, our own guidance. It's really, you know, deciding which ones we want to adopt and what tools we want to leverage. So that we can recommend that to the projects in Hyperledger. Okay. Makes sense. So then I guess we keep the, the security task force open for now. As we determine what those open SSF best practices are that we want to adopt and what the tools are that we want to, to recommend to our different projects. All right. Any other comments on the security task force? Any other things that we should be considering or thinking about here? I'll take that as a no. So if we go back to the agenda, we do have some sections at the bottom of the agenda about new project proposals and then kind of our backlog of issues. So Sean, if you wouldn't mind going back to the agenda. So we've got the HLF operator hip that's been proposed. I will let you know that there are conversations that are ongoing between the submitter of this proposal and the bevel community. The results of those are yet to be determined. But I, I want to leave this open until some sort of decision is made as to whether or not it makes sense to bring this into the bevel operators or what direction this is going to take. So for now, this is going to, to remain open. Hopefully we can continue to report back on those discussions and how they're proceeding for additional, for additional meetings that we might have. And then for the backlog items, we do have this one open issue, which is what spawned the security task force, which is to update the security process for hyper ledger. I, I'm, I'm not sure what to do here since we kind of have two threads. One, which is this issue and one, which is the task force. Do we leave the issue open until the task force is completed? Or do we close this with the, we created the task force to handle it? I'm looking for some sort of direction or thoughts on kind of this backlog item. Happy to keep it open, but also don't want to leave it there. If it's just creating noise. Any thoughts that anybody has here. Hey, Tracy. Yeah. I mean, I think part of the task force mandate is to suggest updates to this. So I think it's fine if we roll it into the task force. Okay. Any objections to that? Anybody who thinks that should be, should remain open separately. Right. Not enough objection itself, but I don't know how to put it better, but the project team who proposed here, they did reach out on a chart and they were asking for comments as well. They were asking me to review and then make some comments and get involved. So I know like there are personally, but when I looked into some of the available labs, there was, I guess there is one more operator project or maybe two more operator. And within hyper ledger already incubated projects, we do have one project that does make use of operator concept. And then there is bevel. I mean, we are already in a phase where there are, so my question, like what I am trying to get towards is would fabric team be willing to participate in these discussions? Because most of these are kind of dying to fabric as well. At least that's where the confusions or the questions are arising. As far as I know, at least the except for bevel, which provides integrations for multiple other platforms, most of the other operators that we see are all on the fabric. So can we have fabric team involved and help us understand what the direction that team is taking from the fabric side versus which of these two is more ready for that adoption in future changes. And I know unifying may not be straightforward because of the complexity that I already mentioned bevel supports multiple other platforms and most of the others are like operators only for fabric. But at least the guidance from fabric team would be helpful. Hi, this is Davia. I can help and or get somebody from the fabric team to help with this. All right. Thanks, Dave. So make sure to include you in some of the conversations that are ongoing that we have. And Arun, you had jumped us back in the conversation. I was, we were actually talking about closing out the security price updating security process in the backlog items. So I was asking if anybody had any objections to closing that one. So happy to take us back there, but Arun point taken on the Agilef operator and I will make sure that we're including other folks in those conversations. And this is a topic that I'm personally interested in as well and invested in as well. So I want to get involved. So related to the going back to the backlog item then any any objections to us closing this out as being included in the task force, the security task force. Well, so it's really a matter of, you know, kind of accounting how you want to deal with it. I mean, as long as you have the task force, I guess, it's okay to close it. So we're not going to lose sight of it. But to me, it's this is kind of like the issue. And the task force is the way we are going to come up with the answer that will allow us to close this. That's the way I thought about it, but I have no problem closing it. Yeah. I see where you're at, right? Like we shouldn't actually close the issue until it's been resolved. Yeah. Yeah. Makes sense. All right. So the scale is now balanced in my mind. I don't have a preference for either way. We've heard one for closing one for leaving it open. Any other people have any thoughts on this? Otherwise I think I will lean towards leaving it open because that the scale is slightly towards that one. I would also tip the scale to leaving it open. I think it's good to have a reminder that this is what we need to come back to from the task force. All right. Somebody put their thumbs up. I don't know who that was. So Peter needed. Okay. So we'll leave it open then for now. So that's the, we went through the entire agenda. Any other topics that we should be discussing as we. Finish today's meeting. Yes. So this topic came fresh in because I, I got to attend one of the event and blockchain related event and Bangalore today. And. I would like to see something like that within hyper ledger ecosystem as well. And what fascinates me over there is in terms of. The developer relationships in making. Onboarding developer ecosystem, making their experience much smoother. I know this has been brought up in the past. The approach from hyper ledger would be a little different, but if. If there are opportunities for us to open up in multiple ways, I think we should start looking for partnerships or engagements in that aspect. And this could be from multiple angles. For instance, the majority of developer ecosystem comes from, from let's say the, a certain age group, which would much closer, which would be much closer to universities, right? So they would be looking for a quick contributions or a kind of project involvement that they would personally want to be involved in. And I'm not again talking about the mentorship program, because those who are highly motivated and the enthusiasm who would go and explore on their own and willing to contribute at their own phase. So these particular community group is specially large. And once they, let's say, gain that experience, they will carry that forward to for those people from their reach. And this has been a success story for, for at least other groups. And I mean, if there are open opportunities for us to propose some things and like engage in any way, happy to do that. Yeah, that's all. So I'm not quite sure that I'm understanding what you're suggesting. So I'll probably put it in a much other way, right? So engaging university students, especially when they are towards their towards end of their courses or people who are looking out for real world experience for people who are looking out for open source contributions. And they are highly motivated. They are the like the developers group who are willing to learn on their own. Now the investment from our side would be in terms of making sure we have right materials available for them, right trainings available. And this may also require, for instance, Hyperledger Foundation to be engaged with certain universities and prepare course materials if needed or probably engage in creating workshops. Right. So this is what I was trying to go towards. Engaging university students is really beneficial for a community perspective and also in terms of adoption. Okay. I'm going to let a heart comment. I think there's already some things that are ongoing, but I'll see if heart mentions those or not. Oh, absolutely. So yeah, so we definitely have university student engagement as a goal. You know, there's only so much we can do obviously like putting together a full university course is difficult, particularly, you know, like a real thing. We have been, we have been working on this though. And if you have suggestions, you know, we, we'd love to hear from you. So, you know, just, just reach out. If you think that there's something we can do. We, you know, in the same vein, we are going to try to. I guess revamp isn't the right word, but we're going to try to, you know, update the mentorship program as well. To help handle more university students and more university interns as well. So yeah, we'd love to hear from you on, you know, if you don't mind, you know, like writing this up in some kind of. Email or something and then just mailing to us, that would be fantastic. Because we're always looking for feedback and opportunities on this kind of thing. One thing that I know was happening is some work with Morgan State University for some of the kind of conversations about what it is that we're doing in hyper ledger and that was the one example that I was going to bring up. I don't know if you had a comment on that. Sorry Tracy, our contact person at Morgan State left. So that's currently on hold, but that is definitely something we are trying to continue. Okay, great. Thanks heart. Come lush. So I didn't see in her like what I don't need men saying and saying, I think I can relate because. I can also keep different universities in India. Is a speaker is an event partner, but everybody, everybody understand the public blockchain ecosystem like polygon and other stuff, but when come to come to the topic of the hyper ledger ecosystem. So. Even like it's still the educational awareness is missing. So maybe for that front, like what Arun is also saying, like how we can create and talk about the hyper ledger ecosystem in some kind of developer ecosystem going to be events. So because like all this public blockchain communities out there and talking about and building some type of ecosystem, but in hyper perspective. Is a hyper ledger ecosystem goes to the different event, but in the different aspect and talking about the hyper ledger hyper ecosystem and hyper ledger business perspective, but involving the developer ecosystem, but I think could be focused in not just the university, but in general, you know, to the developer ecosystem. Right. Bobby. Hi, everybody. Yeah, I just wanted to supply that in the learning materials working group in the new year is working with David to change up an onboarding site or onboarding mechanism so that when people do inquire, there are the there is the information that they're requesting really easy for them to find. And then possibly we were talking in the group about running classes based on just what hyper ledger does during our meetings like monthly so that people who are interested will get the information. Sounds great Bobby. Any other comments on this topic. All right. Any other topics then that we should talk about before we close out today's meeting. Awesome. I will briefly say that, you know, just in this same vein of soliciting feedback. We are looking together. Sorry, we're looking to put together our events strategy for next year. So if you all think that, you know, there's an event that might not be on our radar that we should attend or have a presence at or try to speak out or do something. So please, please reach out and let us know. Thank you. Thank you, Tracy. Any other topics. All right, sounds like there's none. So with that, we will close out today's meeting. Thank you all for your participation. And we will see you again soon. Thanks everybody. See you guys.