Attendees
Ruchika Gupta (NXP)
Abhishek Pandit (Arm)
Ashutosh Singh (Arm)
Matteo Carlini (Arm)
Kevin Townsend (Linaro)
Dan Handley (Arm)
Julius Werner (Google)
Mark Grosen (TI)
Bill Mills (TI)
David Brown (Linaro)
Kangkang Shen (Futurewei)
Bill Fletcher (Linaro Community Projects)
Andrej Butok (NXP)
Agenda/Minutes
Website feedback
AP: Feedback from Arm folks - to be sent separately:
scrolling status.
Adding a footer per project.
Structuring the project information differently
TF-A workshop
MC: Possible engagement from members in the workshop e.g.
presentations/keynote
platform ports,
war stories,
project format & contributions,
user stories,
new features,
community development thoughts
KS: Everyone doesn’t attend everything at the same time. Also a panel discussion could be interesting since more efficient in attendee time. Make sessions available offline and allow people to contribute afterwards.
MC: Will feed these ideas to the Board
MC: The event format and size will depend on the range of contributions - ‘Arm show’ vs 7 or more companies participating. Not expecting to explore a public CFP until we’ve explored the membership interest.
KS: Would like to see some discussion about secure variables.
Security incident handling
AS: Top-level mailing list and then a mailing list per project. Membership of these lists is tightly controlled. Keep the disclosure limited. To allow conversations to be encrypted we’re setting up PKI.
DH: Correct - we don’t insist on encryption
DB: Management of private keys needs to be spelled out. Once someone has the private key, they always have it.
AS: Sub mailing lists can’t decrypt the top level mailing list. We need to have a key revocation mechanism in place (not yet completely defined). Will need to generate a key pair and have a signing ceremony. Is there a place to host keys?
DB: Generally the assumption is that private keys are held by individuals.
AS: For the time being will keep it as a manual process unless someone has a better suggestion.
DB: Will forward link to Stack Overflow page with expected way of doing things.
AP: Is there a pre-existing guide?
AS: Is quite straightforward. Will be a short guide.
DB: Email client support?
DH: There is an Outlook plug in
AP: Dan sent out mail with process. Can we put it as a proposal on Phabricator so that don’t need to find it in the email archive.
AS: Yes, will do this and then all the projects can link to Phabricator.
AP: Lack of top level reporting in tf.org is becoming a problem so we can answer ‘yes’ to outside questions
DB: Think having multiple keys is going to be burdensome. Based on experience in Zephyr and mcuboot, no one wants to work with PGP.
DH: If allow responses to be to individuals, only need top level key. Don’t know if it’s acceptable to expose individuals
AP: Suggest offline discussion between Ashu, David and Dan
Forums
AB: Very difficult to follow historic email topics or reproduce a tree of answers. Can’t check if something was asked previously.
AP: David provided a suggestion for groups.io
DB: Works ok for Zephyr project
DH: Orthogonal to having Slack, but needs some kind of instant messaging
BM: Yocto switched from mailman to groups.io. Think most people don’t know there’s a forum.
DB: Does the best job of replacing a mail list server - just adds the functionality of a forum.
BM: Helps an occasional person who doesn’t want to subscribe to do a better job. Acceptable model for casual users.
AP: Where do archives live?
DB: On groups.io. The Linux Foundation (hosts Zephyr) is finding that it’s easier to get groups.io to deal with spam.
AP: Suggest the someone could do a proof of concept and demo.
DH: Someone would need to administer it.
DB: 3 tiers of commercial terms. Would need to pay
BF: To talk to Linaro IT about any info on groups.io
AP: Interested to get feedback, thoughts from others. Don’t want to move to this tool and find out it’s not what people want.
Coding Guidelines
AP: Need to follow up and send nominations of people. Need a couple more people to make it sustainable.
AOB
JW: Can we avoid scheduling conflict with TF-A Tech Forum?
Action: Abhishek
DH: Threat models. Legal request going through Arm to relicense these under creative commons.