Agenda:

Azure progress
SonarCloud progress
CMake refactor:
- Does it addresses the open “CMake” Issues? OK to close?
- Ready to document?
CVE/bug progress
Google OSS-Fuzz integration?
Release prognosis, how close are we?
Review issues needing attention

Discussion:

Azure/Sonar Cloud
- Underway, Christine is setting up account for her own github for testing.
- Need to create accounts for openexr/awsf ultimately
- ASWF has accounts to use
CMake progress
- Kimball’s got a rewrite up for review
- Simpler, removed some options, consolidated into a single file
- IlmBase and OpenEXR are their own projects, using find_package as appropriate
- Added a root “super project”, it overrides find_package using the current cmake idiom
- Added config.cmake files for install automation
- We will give it a spin, and Cary will write instructions
Issue backlog
- Cary’s polling open issues where it’s unclear if an problem still exists. If the issue author doesn’t respond in a week or so, closing with an invitation to re-open
- Out of memory bugs could be addressed by pre-emptively checking too-large image open requests, and capping the maximum image size.
- Table allocations could be made on demand, rather than on object construction. See issue 245
Release gate factors
- CMake rewrite
- Someone needs to vet the autoconf set up to make sure it’s all still functional
- Security vulnerabilities are the top priority for the next release
- We can announce an upcoming release at Siggraph, rather than rushing to get a release done
Google Autofuzz
- Clang tidy - consensus: thumbs up
- CMake option, OFF by default
- Sonar - consensus: thumbs up
- Autofuzz - consensus: decline on the grounds that we take security seriously and have invested in a fuzz test that we’d prefer to keep investing in.

Browser not supported