 Okay, thanks so On our agenda today, we have the usual hackfest we have Discussion about the internship program, which was very successful last year and so that's going to be kicking off soon project reporting from composter and then we'll have a discussion again about working group updates With Tracy back from China, I believe right Tracy on she is yeah, and then finally Confidential security bug handling So David is going to regale us with a slight modification for our process We're able to record security bugs for all the projects And we'll cover that at the end So but before we begin I do want to Recognize the sawtooth for their one day to release and congratulate them and I thought This would also be a good opportunity not just for others to congratulate Dan and neck and the team but also For those for the for the sawtooth team to maybe Sorry give some feedback on the process what work what didn't work what was awkward what was you know Looking so forth. I think it'd be instructive to all who intend to get there eventually Congrats guys Thanks Chris on behalf of the many other sawtooth maintainers You know, I think the the process probably like like any release the hardest part that That we go through is is a lot of the things on the engineering side of just trying to Slow things down and button things up. So it's it's stable for for the release From a hyper ledger process perspective, I think all the The the marketing and outreach worked really well and I really appreciate the support from Jessica and Meredith and and Greg and and everybody over there getting that together I Think we We also developed our own processes for what was important to us on the sawtooth team That weren't part of the hyper ledger processes Things around stability and uptime testing. So we had our own key performance indicators KPI's that that we enforced for our release I Don't know that I would Propose that other projects adopt the KPIs that were important to us, but We'd kind of hope that that any project that's going to 1o has some Some sort of stability KPI What we did for for hours was we would put our builds through a seven-day Test with multiple validators and try to put it at a heavy load on the system And that way we were able to expose bugs that would only come out at say the the thousandth block or You know some other race condition that would only come out probabilistically Yeah, so those are just some of the things off the top of my head, but you know, I'm open to more Discussion here mix just I am in me that he's stuck in a windows update So he'll be along Yay, all right, so thanks and and thanks to making and the rest of the team I think it's great that we have multiple projects at 1o and look forward to seeing more Yeah, it was definitely great to have fabric go through that the PR process in particular first to Establish those things and that's probably why it was so smooth for us having an older sibling is For the older sibling, it's not that great, but I Know it's being the oldest in my family Okay So next up Todd hack desk planning so Los Angeles is well underway. I think there's an agenda building up Hi, yeah, just a couple couple of things for LA Just drop the registration link in the win in the rocket chat if you haven't registered get that done ASAP Draft agenda in the window as well Drop any topics in there But more importantly on the draft agenda for the day zero the training that we're doing helping devs come up The learning curve we have some volunteers for fabric for composer Would love the other projects that are going to be there Sign up So saw tooth for sure I saw a few of the maintainers that are going to be there if we can get names assigned for that As well as all the other projects. So for any of the maintainers on those projects, please pop in there and Sign up for that that'll be hugely helpful for getting new devs into our ecosystem and just helping them better participate in You know the the two days of the hack fest where people can focus on some more advanced topics Onward from there Dubai still still pending hope to have an update soon Unfortunately nothing yet Amsterdam we did announce last night that is fully confirmed. So let me just drop the Registration link into the rocket chat So please get registered for that June 27th to 29th for those of you that were there in October of 16 I think same venue ABN Amros hosting again So really happy to bring this back there. They were a great host partner on that Similarly the same thing for the draft agenda there drop in any any topics and for those that'll be there on the first day Please help with the training training and intro stuff That's all any questions Okay, thanks about the internship program yep So internship program really quickly. This will be very similar to last year as Chris said this was successful for many of the interns and those that Hosted the interns and mentor them. So really appreciate everyone that pitched in for that So let me just drop a few links in So here is an overview for the program It'll look very similar to last year the main action item at this point is over the next about two and a half weeks from now until the 23rd we are calling for any mentors that want to step up to help an intern And propose any projects that they'd like to see these interns work on so last year we had Over double the number of mentors then we were able to accommodate This year I suspect we'll get even more submissions So we have expanded the size of the internship program. So we'll be able to host twice as many interns this year For anyone that signs up as an intern intern and completes the program Well, you will be flying them out to hyperledger global forum, which is our major event at the end of this year So here is information for anyone interested in being a mentor Please get that submitted by the 23rd and I will continue to remind everyone up till the deadline Any questions there? Yeah, and for those for those people who weren't in Lisbon, we we heard from a few of the interns As they read out on their your projects and they were really pretty sharp kids and they did some really good work. So I'm really pleased with how that worked out Great any questions there? Uh, Todd is there some uh, uh, like a limitation for the interstudents Um In what sense for for limitation Uh For from uh, from what what kind of areas or countries? Yeah, they apply Uh, so I think probably the question is related to china. I know there was an issue Last year in not being able to have interns in china just due to some new regulations Do you have a process to be able to bring chinese interns on for this year? So that's that's no concern. So Definitely, we'd love to see interns there and mentors from china as well Okay, it would be a great thanks great any other questions on the internship program, all right and um Then I guess the next up is a hyper larger composer update and is caroline or or Simon on to give the report Chris it doesn't look like that ended up getting completed last night So we'll probably need to punt on that and notice them again. Oh, oh it didn't. Oh, I said I can't click on the Okay, I guess I'll have to punt on that one Uh, okay, uh tracy quarterly updates and again Uh, I apologize. I can't follow along but if you wouldn't mind sort of Going over the updates that you made based on last week's conversation Um, uh, that would be great Okay, sure. No problem. So I'm uh in the rocket chat. I just pasted the link to the updated template um, I updated it based on some of the feedback that came in uh last week to Combine a couple of sections into the overall activity in the past quarter. Uh, so I combined the work products the activity in the past quarter and kind of a, you know So I think those two sections were combined into to one and then uh, I also add a planned work products for what liveables The working group would be working on in the upcoming quarter Uh besides that Um, I think that's pretty much it as far as the changes go. Let me just check the last one um That we had prior to make sure that was it Uh, oh I combined three sections work products overall activity in the past quarter and current plans into Basically the overall activity in the past quarter and then I added the kind of what's next for the upcoming quarter everything else, um I removed the working group scope uh as requested because The assumption is that the scope shouldn't change unless it's already gone to the psg So, uh, yeah, those are the changes I made. It's a little smaller than it was before Um, and should be pretty straightforward to to complete for the working groups leaders It looks good to me Thanks, Tracy. Other thoughts and comments? Concerns, okay, then if we seem to be Good with this. I suggest Todd. We take a quick vote if we're at quorum Yep, uh, actually all 11 are here. Uh, so running through the list quickly or no Yes, so ha Yes, bin Yes, chris Yes, then Yes, greg Yes heart Yes, jonathan Yes, kelly Yes, mick Yes, nathan Yes, all right, uh, that passes unanimously Okay, so I will uh make sure that this template gets added so that when a new page gets created It will automatically fill in the template the same way the project updates does um, and then just so that we know I The schedule is currently set to start in april because I wasn't sure how long it was going to take to pass this Would the tsc like me to change the schedule so that we're starting sooner than the beginning of april? um, yeah, I don't see a reason to hold off until april I would think we should Um, okay Yeah, I guess. Um, I mean what other people think This looks like a pretty low hurdle for for people to fulfill so I don't think we need Yeah, I mean and many of them are already keeping You know minutes and records and stuff so it shouldn't really be that hard to pull together um Maybe maybe give a couple of weeks for the first one and then move on is that Same reasonable middle of the month That seems reasonable to me. Yeah, that sounds totally fine Um or hard or Uh Dip in is that okay with you guys? I can't remember who's up first and I apologize. I don't have Visibility The architecture working group is up first Okay, so rom are you good with that? Maybe you're wrong. It's not wrong. I'll tell you I want to do this Why don't we just let me ask rom uh, if he's okay with that and if he is then let's do that Okay, I'll get that template set up so that it's uh New pages are created with it and I'll update the schedule after talking with him So super. Thank you um, okay, so Last up then is uh, Dave to Introduce a site change to uh, throw the onboarding process for projects pertaining to the security Workgroup and their processes Dave. Yeah, hi. Um, so Because so last year we part of my mission was to get a confidential security bug handling process in place Which we were able to do and it required changes to our JIRA to Allow for people to report a bug flag it a security and it would be held confidential um, so that the security team could triage it and Deal with it mitigated some ways And then disclose it. It's all part of the responsible disclosure process that Nearly all open source projects use These days even closed source projects do this Last week we or I say I guess earlier this week. We had a slight security issue come in against a project that didn't use JIRA for its a bug handling process and It became immediately obvious that we can't do a confidential security bug handling using github issues so I immediately asked the help desk To set up JIRA projects for all of the projects that we have Just so that we can handle confidential security bugs for all of them now I the email I sent out to everybody. I just wanted to let everybody know that we're in the process of finding a consultant To help us modify our JIRA to adhere to the process that we all want to use and I'd like to invite Maintainers or participants in any of the projects to participate in that so that we can Spend the money and get a result that everybody agrees is a marked improvement and I'm hoping that projects will reconsider switching away from github issues over to JIRA Just so that you can have all your bugs in one place I understand github issues is very convenient, but I did some searching yesterday and There is no support for confidential bugs at github as far as I can tell in fact. I found a bug Sorry an issue that was reported to github about four years ago to support that feature and it's still open So I don't think they have any interest in in developing that feature So I just wanted to give everybody an update that we're setting up JIRA projects for all projects and We're going to modify JIRA to be more user friendly for our community and I'd like Anybody who's interested in helping to email me and participate Yep, so just one just just make things perfectly clear to everybody You're not required to use JIRA for your issue tracking if you're still you know, if you if you still want to use github issues You can do that This is just for the security issues that everybody has to have a JIRA that makes sense How many projects do we have that are actually using github issues? Three I was asking about the github issues. So like is it one or two projects that That are aberrations here or is it broader than that? We have composer quilt and at Roja that are using github in some fashions Yes And we have fabric sawtooth and indy that are using JIRA for the whole thing I believe And uh, and cello also it was JIRA. Oh great cello. Yeah Yeah, cello does and I think burl is still using github, but I'm I don't know if silo's going on You can explore to use JIRA awesome Yeah, okay great. So It seems like most of us are using JIRA That is correct Yeah, I think probably the one that stands out then is uh, if Roja is also moving towards a 1.0 then having Production security bugs is is more significant of an issue so And I would encourage I would encourage them to adopt JIRA and and move off of github issues. They're not confusing their end users about where to log things Yeah, and one of the things that you know will You know that jade was hinting at in terms of getting a sort of JIRA, you know, a ci tooling expert basically One of the things that we've been talking about with the potential vendors is Better integration of the tools. So for instance, we should be able to Have a bot that could take a github issue And automatically populate a JIRA issue appropriately for that project and then you know leave a comment saying Thank you for your, you know For your issue, you know, we've recorded it in JIRA here. You can track it and so forth and then close it No, it's great. No, it's great And I think the other thing to bring up is that the hyperledger Eroha is using a non hyperledger JIRA plus github issues So we really do want to try and convince Eroha to move to the hyperledger JIRA for tracking their bugs Yeah, all right. Well then Tracy you and I should go talk to Eroha Um The other piece of my email that was one last detail which was Should project decide to not use the hyperledger JIRA? um The one thing that I Do want them to do And i'm going to kind of make it a requirement is that you post very publicly In big letters that says if you are reporting a security issue Either email security at hyperledger.org Or report it to the JIRA at hyperledger So that it's properly handled And I can work with each of the teams that choose not to use JIRA to make sure that that notices put the place Sounds pretty much it Yeah All right. Thanks, Dave Well, since we didn't have an update This was a very short call unless there's any other action items or any other Topics people would like to discuss. I suggest we adjourn and give people 40 minutes back Or 35 Okay Thanks everyone Yes, have a good day guys. Thank you. Thank you. Bye. Thanks everybody