Minutes: 20181117 - UrbanOS-Examples/TechnicalWorkingGroup GitHub Wiki
Attendees: Brian King, Tammy Chellis, Phil Noman, Scott Merrill, Bill Schwanitz, Sharon Wilhelm
Regrets: Vince DiMascio and Monica McJunkin
- Brief overview of November TWG Collaboration Meeting.
- Agreement to follow Tammy’s lead and implement what’s going well and what to add as part of TWG Weekly Meeting.
Review of milestones and risks:
Milestone 1: Nov 15 - List of risks and downsides related to Open Source, with potential ways to mitigate those risks
- Identify model organizations that do open source well
Milestone 2: Dec 13 - Identify a process for code commit, core team membership, release pipeline
- Recommendation on how to engage and manage the community
Milestone 3: Jan 24 - Recommendation on open source licenses to suit the target state of the OS
- Suggestions for how to grow the community of contributors
Risk: Code quality and application security
- These can be mitigated with proper identification of an appropriate organizational structure and review process. For example, code may undergo peer review for quality assessment. Known application vulnerabilities would be mapped against code and resolution prioritized. Specifics will be part of recommendation for deliverable #4.
Risk: Contribution of features outside of project scope
- As above, these can be mitigated with proper identification of a core team who implements a pull request process with thorough review. Contributors will be encouraged to create an issue so that a discussion of the feature, its value, risks, and trade-offs can proceed before time is spent on development.
- The core team must be clear about the scope of the project and the overall roadmap of priorities. Specifics will be part of recommendation for deliverable #4.
Risk: Contribution of code that does not conform to the architecture of the project
- This risk is also mitigated by the review and issue creation process. The core team will need to be explicit about its architectural decisions and firm in enforcing them as necessary. Specifics will be part of recommendation for deliverable #4.
Risk: Intellectual Property and Contractual Rights
- To protect the legal rights of OS users, the SDLC should include controls (e.g., code scanning) for the risk of a developer taking code from somewhere else (Oracle, MS) and incorporating such code into the OS.
Risk: Lack of engagement from the community
- If the community is not managed and engaged properly, enthusiasm will fall off (or never build), and code contributions will be few and far between. Recommendations on managing, and then growing, the community will be detailed in Deliverables #5 and #6.
Risk: Licensing selection and compliance
• Neither Chris nor Dean were able to join the meeting. Sharon to follow up to confirm they are on track for their deliverables and ensure they have no roadblocks for a Dec 13th delivery date.
• Discussion on how to activate the quiet members of the TWG and to continue to keep everyone engaged. Decision was to contact members with a specific request for help, including due dates.
• No updates on presenters from Elastic and Apache.
• Discussion topic on Blockers revealed anything new.
Action Items:
• Sharon to follow up with Dean and Chris prior to next week’s meeting to determine whether they are on track for the Dec 13th due date, gather an understanding of any blockers, and ensure each is aware they own the deliverable.
• Bill to gather feedback from TWG members on his deliverable of the risks and downsides related to Open Source, with potential ways to mitigate those risks, and the model organizations that do open source well.
• Bill to create a git / issues / wiki 101 with the potential to record a class to be used as a refresher or as new people join a TWG.
- Tammy to follow up with Bill about meeting in person or online
• Sharon to review the class / document from a user’s perspective.
Decision: To activate quiet TWG members, contact members directly with a specific request for help, including due dates.