TSC Meeting Notes 2019-06-13
Attending:
Cary Phillips - ILM
Larry Gritz - SPI
Rod Bogart - Epic
Peter Hillman - Weta
Kimball Thurston - Weta
Nick Porcino - Oculus
Christina Tempelaar-Lietz - Epic
John Mertic - Linux Foundation
Discussion:
Welcome new TSC members:
Nick Porcino - Oculus
Christina Tempelaar-Lietz - Epic
Kimball Thurston - Weta
Piotr was invited but hasn’t responded.
Project goals by SIGGRAPH:
Reach “adopted” status, seems attainable.
CII badge progress is at 68%
Need CI setup
Need static/dynamic analysis setup
Need to address security issues/policies
Put out a new release, version 2.4:
Address outstanding CVE’s
Document existing CVE’s
Compiler warnings
CMake fixes
Acknowledge most Issues and PRs; many can be closed as is.
Proposal/position on the future of Imath; go into the BOF prepared to discuss.
“Guide to the OpenEXR Project”
GOVERNANCE.md, CONTRIBUTING.md, etc.
Clarify project roles and clarify terminology:
Committer vs. TSC
Nick Rasmussen is an example of a committer not on the TSC.
Need to clarify terms of service: how long do TSC members serve?
OCIO meeting notes designate a PR Reviewer?
Ad hoc for that project, to ensure fast turnaround due to the large number of contributions
May want some form of this to ensure that PRs are reviewed
Legal:
Who keeps track of CLA’s on file?
Should just be part of the process (CLA, DCO checks)
Old PRs, what to do about obtaining CLAs prior to merge
Need to check w/ ILM legal just to clarify old copyright / CLA
Does OCIO have a policy of accepting small fixes without a CLA? No, that’s OIIO. All ASWF/Linux Foundation projects require CLA’s for every PR, no matter how small.
CII Badge requires “acknowledgment of bug reports”. What should our policy be?
Standard use of GitHub labels, documented in CONTRIBUTING.
Use of GitHub Milestones to indicate priority.
Status of the CII Best Practices Badge:
Must ensure timely response to posts on openexr-dev
What does it take to ensure that the website now uses https?
Security:
security@openexr.com, info@openexr.com
John to arrange setting up the forwards to private tsc
Outstanding CVE’s:
One has a PR that needs to be merged.
Other CVE issues have been resolved but the issues were never closed.
CVE’s should be documented in CHANGES.md.
OpenEXR needs a designated security expert
Cryptographic protocols are not applicable.
Ready to set up Azure?
Compiler Warning flags
-Wall with GCC 7/C++17 on Ubuntu gives a handful of warnings, straightforward to fix.
What about Windows?
Code coverage, static analysis, dynamic analysis: SonarCloud?
Just needs to have been done at least prior to release (as opposed to fully integrated to release schedule)
Test policy adherence?
Should we update source code copyright notices?
Cary will check with Lucasfilm Business Affairs.
What’s the status of moving the GitHub repository?
TODO’s and action items:
Label issues and PR’s
Gives perception of response
Use milestones instead to mark issues for including in next release
Need to be more aggressive with closing issues that had a back and forth resulting in a consensus there’s nothing to do
Standard comment about a house-cleaning event in migration to ASWF
Merge/act on existing PR’s
Fix compiler warnings
SonarCloud: Static and dynamic analysis
Azure
Web site/documentation
JM: Can be moved independently, whenever ready
CP: wants to re-do web site to make it easier to maintain
Email addresses for info & security
Imath white paper
Christina - will work on SonarCloud
Kimball - will work on PRs, CMake, compiler warnings
Nick - will review PRs as well