TAG: August 10, 2022

Islandora Foundation Community edited this page Aug 10, 2022 · 2 revisions

Zoom link: https://us02web.zoom.us/j/968367412

Host key can be found in the description of the TAG Slack channel.

Attending:

  • Willow Gillingham
  • Amy Blau
  • Luke Taylor
  • Don Richards
  • Isabella Nikolaidis

Agenda

  • Security Workflow
    • possibly opening TAG channel to emails

Interest Group Updates

Islandora Events

Action Items

Meeting Minutes

  • Security Workflow

    • Luke: Due to the nature of it, didn't feel it was appropriate to post publicly anywhere
    • When security issues come up there needs to be some sort of back channel to get a plan together so it can be released in a way where we have fix, fix merged, advisory put together
    • Once upon a time there was a security email - should we revive that and have a policy to say that if you have security issues or vulnerabilities and you'd like to bring it to the foundation's email here
    • Don: We have a disclosure process but the documentation for it is in an interest group that is no longer
    • https://github.com/islandora-interest-groups/Islandora-Security-Interest-Group/wiki/Disclosure-Policy
    • Private message in TAG channel or those reviewing the fix
  • The only time Google Groups is brought in is when the fix is published

  • Luke: Security announcement needs to be where CoC or procedures are

    • Put a posting up on Slack saying here's where it is
  • Luke, Don volunteers to be a part of this security response

    • Someone from Born-digital might be interested as well - Gavin?
  • Luke: To the TAG group?

    • Don: not all people in security response were available to be in TAG
  • #security-response channel is open/public

  • Amy: Helpful to add a Google Form for security reports?

    • make sure submissions aren't viewable publicly
  • Luke: What types of CI/CD testing we're running on Islandora proper? There are Drupal testing tools that likely could have caught the previous

    • Drupal sniffs
  • Willow: Is this php pcs? It's a great utility to make your tool or make your code have dependency injections, standardized Drupal requirements?

    • You could activate specific standards, ex. Drupal would be one of them
  • Luke: What CI/CD is already in place?

  • Luke: GitHub action that kicks off or spins a container that runs codesniffer?

  • Don: Ultimately does pull you over to actions - security or actions takes you to actions - then under the Actions list is Security

Where should security contact email be listed?

  • Willow: On Drupal site, module installs, info file for the dependencies
    • Link to our security page/directions once moved
  • Luke: Link in footer of islandora.ca
  • Don: The process for submitting a ticket - to prevent people accidentally reporting security breach - add a new template to report security vulnerability - do not report! Go [here] instead ...
  • Luke: https://www.islandora.ca/contact-us#comms-channels
