TSC Meeting Notes 2019-09-17
Attendees:
- Cary Phillips
- Christina Tempelaar-Lietz
- Rod Bogart
- Kimball Thurston
- Peter Hillman
- Joseph Goldstone
Discussion
Beta v2.4.0-beta.1 is ready for official release.
Next up:
finish off the CII best practices badge.
fix sonar bugs
request updates to mitre.org CVE entries.
Still waiting on Lucasfilm Business Affairs to configure EasyCLA; repo move is blocked until that happens.
Start port of PyImath to pybind11, which is going to be a lot of work.
clang-format (not to be confused with clang-tidy, which is different) - Larry has a setup on OIIO that runs clang-format on PR, rejects if the formatting is off but also posts a diff, so the submitter can get the formatting right even if they don't have clang installed.
CVE's:
CVE-2016-4629 and CVE-2016-4629 were fixed by Apple in the OS.
CVE-2006-2277 - the link on the mitre.org page is broken, but the offending .exr is available on the internet archive wayback machine here:Â https://web.archive.org/web/20060520062054/http://w148.de/~cmertes/nachbarhaus1.exr
Christina gives an overview of SonarCloud set-up. Read the YAML documentation here:Â https://docs.microsoft.com/en-us/azure/devops/pipelines/yaml-schema?view=azure-devops&tabs=schema
Joseph: We should reach out to distro packagers and request/encourage/help them to update to the new release.