<!DOCTYPE html>
<html lang="en">
<meta charset="UTF-8">
<!--[if IE]><meta http-equiv="X-UA-Compatible" content="IE=edge"><![endif]-->
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="generator" content="Asciidoctor">
<title>EE4J PMC Meeting #2021-07</title>
<link rel="stylesheet" href="">
<body class="article toc2 toc-left">
<div id="header">
<h1>EE4J PMC Meeting #2021-07</h1>
<div id="toc" class="toc2">
<div id="toctitle">Table of Contents</div>
<ul class="sectlevel1">
<li><a href="#general">General</a></li>
<li><a href="#wayne-vulnerability-policy">[Wayne] Vulnerability Policy</a></li>
<li><a href="#wayne-ip-scanning">[Wayne] IP scanning</a></li>
<div id="content">
<div class="sect1">
<h2 id="general"><a class="anchor" href="#general"></a><a class="link" href="#general">General</a></h2>
<div class="sectionbody">
<div class="paragraph">
<p>Date: 2021-06-24, 11:00 (EDT)</p>
<div class="paragraph">
<div class="ulist">
<p>Ivar Grimstad (Eclipse Foundation) -</p>
<p>David Blevins (Tomitribe) -</p>
<p>Dmitry Kornilov (Oracle) - <strong>Present</strong></p>
<p>Kenji Kazumura (Fujitsu) - <strong>Present</strong></p>
<p>Kevin Sutter (IBM) - <strong>Present</strong></p>
<p>Scott Stark (Red Hat) -</p>
<p>Steve Millidge (Payara) -</p>
<div class="paragraph">
<p>Invited Guests</p>
<div class="ulist">
<p>Maria Teresa Delgado - <strong>Present (new face of the EMO)</strong></p>
<p>Wayne Beaton - <strong>Present</strong></p>
<p>Ed Bratt - <strong>Present</strong></p>
<div class="paragraph">
<p><em>Not a quorum again this week. Wayne is ready to just post to our PMC list and have the discussion there first.</em></p>
<div class="sect1">
<h2 id="wayne-vulnerability-policy"><a class="anchor" href="#wayne-vulnerability-policy"></a><a class="link" href="#wayne-vulnerability-policy">[Wayne] Vulnerability Policy</a></h2>
<div class="sectionbody">
<div class="ulist">
<p>No specific presentation. Wayne just wanted to discuss the vulnerability policy (or lack thereof).</p>
<p>Wayne needs some action and practices in place to help address the vulnerabilities.</p>
<div class="paragraph">
<p>EE4J and Jakarta EE are a prime location for these vulnerabilities.</p>
<div class="ulist">
<p>How can we (EE4J PMC and projects) help with the monitoring and reviewing of these vulnerabilities?</p>
<p><strong>Action:</strong> Wayne will take this to the mailing list.</p>
<p>One idea discussed was the use of private “security” mailing lists for EE4J and each of the EE4J projects. Instead of leaving these mailing lists open for posting (encourages spam), maybe use a web form or the like for submitting potential issues.</p>
<div class="sect1">
<h2 id="wayne-ip-scanning"><a class="anchor" href="#wayne-ip-scanning"></a><a class="link" href="#wayne-ip-scanning">[Wayne] IP scanning</a></h2>
<div class="sectionbody">
<div class="ulist">
<p>Wayne introduced some new tooling that hopefully will get put in place in 2022.</p>
<p>This will help with the IP scanning of the source code.</p>
<p>If any potential issues are found, then the IP team will get notified first. If any follow-up is required, the IP team will contact the project team.</p>
<p>If all of this pans out, this should greatly simplify the IP scanning process.</p>