From a17d11314c9db7c8d38032c977cc02d58eb57199 Mon Sep 17 00:00:00 2001 From: tschmidtb51 <65305130+tschmidtb51@users.noreply.github.com> Date: Wed, 3 Apr 2024 18:40:58 +0200 Subject: [PATCH 1/2] Correct meeting minutes 2024-02-28 - try to unify format - add questions to unclear points - improve wording from memory --- meeting_minutes/2024/2024-02-28.md | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/meeting_minutes/2024/2024-02-28.md b/meeting_minutes/2024/2024-02-28.md index 07401b15c..2604f85a8 100644 --- a/meeting_minutes/2024/2024-02-28.md +++ b/meeting_minutes/2024/2024-02-28.md @@ -42,7 +42,7 @@ Note: Observers of this committee that are ready to become Members should follow ## Agenda - Roll call cannot be done automatically due to the system migration. -- Once email is back online, we will put a motion to approve May Meeting Minutes of 2024-01-31 [https://github.com/oasis-tcs/csaf/blob/master/meeting_minutes/2024/2024-01-31.md] +- Once email is back online, we will put a motion to approve [Meeting Minutes of 2024-01-31](https://github.com/oasis-tcs/csaf/blob/master/meeting_minutes/2024/2024-01-31.md) - Review GitHub Issues for TC Discussion: https://github.com/oasis-tcs/csaf/issues - Discuss next steps. - Adjourn @@ -68,23 +68,23 @@ Note: Observers of this committee that are ready to become Members should follow - Omar to merge after the call. -- [Pull Request 693 ](https://github.com/oasis-tcs/csaf/pull/707) and [Pull Request 694](https://github.com/oasis-tcs/csaf/pull/694) in version 2.1. +- [Issue 693 ](https://github.com/oasis-tcs/csaf/issues/693) and [Issue 694](https://github.com/oasis-tcs/csaf/issues/694) in version 2.1. - TC should fix in 2.1 or another version. - - For current implementations, a router may be needed. + - For current implementations, a router may be needed. - Not a feature. Change schema update and apply as basically a fix version of that. - Any validators would have to be edited to change schema. - Fix both errors is the recommendation. - Not sure if qualifies as a non-material change? - - If it is a material change, then it will affect the IOS for CSAF and potential hinder activity. + - If it is a material change, then it will affect the ISO for CSAF and potential hinder activity. - If non-material it will do not do any harm. - - Who would make the judgement? Check with Oasis. Stefan is familiar with this. - - Thomas says it is a lower risk and can silently fix it. + - Who would make the judgement? Check with OASIS. Stefan is familiar with this. + - Thomas says it is a lower risk and can silently fix it in CSAF 2.1. - We could put a motion in email and close discussion. - Any comments from TC – discuss at a later time 2.1. - Thomas: Motion to address in CSAF 2.1 - Second: Justin and Martin. -- [Pull Request 665](https://github.com/oasis-tcs/csaf/pull/665) Vulnerabilities Property – Remediations. +- [Issue 665](https://github.com/oasis-tcs/csaf/issues/665) Vulnerabilities Property – Remediations. - Thomas Proell - Old ticket – solution outlined on Pull request notes. - Will see if this makes sense and would like team to look through the information. @@ -94,11 +94,11 @@ Note: Observers of this committee that are ready to become Members should follow - No clear definition, patch, workaround or mitigation. - Feng suggested that we use something else. - Code change or code fix from patch. - - Likely hood and impact – will look at those terms; and Thomas Propel will make changes and put in transition route. - - Thomas Sch would like team to put in changes for next meeting and discuss next time if there are any open questions. + - Likely hood and impact – will look at those terms; and Thomas Proell will make changes and put in transition route. + - Thomas Schmidt would like team to put in changes for next meeting and discuss next time if there are any open questions. - Discuss ticket 665 and propose changes for vulnerability properties. -- Warning/Error for signature expirations #678 – Thomas Schimdt +- [Issue 678](https://github.com/oasis-tcs/csaf/issues/678) Warning/Error for signature expirations – Thomas Schimdt - Done in Linux distributions and would have same process here are the expectations from documentations. - Suggest adding to guidance to CSAF 2.0 and mandatory description in section 7 as a requirement in 2.1. - Not voting and no objections from TC. @@ -108,8 +108,8 @@ Note: Observers of this committee that are ready to become Members should follow - Review and comment on the suggestion to make signatures valid for a minimum of 30 days. -- Add “Preconditions” item from #706 - - Someone from Red Hat noticed an issue. +- [Issue 706](https://github.com/oasis-tcs/csaf/issues/706) Add “Preconditions” item + - Someone from Bosch noticed an issue. - Allows that you can prepending strings. - TC agreed to look at this between meetings. - Thomas prefers option 2 and less work but wants team to weigh in. From 8b5f1fff0b7681d7c7462f59e0453880bd8e22d8 Mon Sep 17 00:00:00 2001 From: Stefan Hagen Date: Wed, 3 Apr 2024 18:59:53 +0200 Subject: [PATCH 2/2] summarizing post work - excavator --- meeting_minutes/2024/2024-02-28.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meeting_minutes/2024/2024-02-28.md b/meeting_minutes/2024/2024-02-28.md index 2604f85a8..48976c8b4 100644 --- a/meeting_minutes/2024/2024-02-28.md +++ b/meeting_minutes/2024/2024-02-28.md @@ -70,7 +70,7 @@ Note: Observers of this committee that are ready to become Members should follow - [Issue 693 ](https://github.com/oasis-tcs/csaf/issues/693) and [Issue 694](https://github.com/oasis-tcs/csaf/issues/694) in version 2.1. - TC should fix in 2.1 or another version. - - For current implementations, a router may be needed. + - For current implementations, errata may be needed. - Not a feature. Change schema update and apply as basically a fix version of that. - Any validators would have to be edited to change schema. - Fix both errors is the recommendation.