Skip to main content

Mathias Brunkow Moser

Office Hour meeting minutes

Infrastructure

  • @SebastianBezold -> Wednesday (31.07.2024) the Catena-NG will be deleted! No more access to the consortia environment will be allowed!
    • Friendly reminder from @matbmoser: copy the configuration from the consortia environment argo, so you dont loose it, for the association env;)
  • @hzierer -> Most of E2E Tests are already passed! Great job everyone!
  • @matbmoser -> Don't forget to document the Quality Gate tickets!
  • System team is leaving in wednesday! The participants that will not act as committers please or remove yourself from the list, or contact a project lead. Thank you for you wonderful hard work!

Security team

FOSS

Open planning / community

Office Hour meeting minutes

Infrastructure

  • Info from Test / Infrastructure Management CX Association by Harald:
    • SAP DIM follow up meeting with on 8.7.2024 together with Christian Lahmer (SAP) and Evelyn Gurschler and DoubleSlash Net-Business GmbH
    • Work-in-progress with SDE team and importing of test cases
    • Access is currently limited –> would be great to make it accessible and available within Tractus-X
  • Tomasz - Presented about how do you need to publish your API using .tractusx metafile and publish via GitHub pages - API Hub.

Security team

  • Info from security team by Rohan:
    • Reminder about replacement of GitGuardian with TruffleHog, see according pull request to update TX release guideline: #950
    • Reminder about updates to Trivy workflow , see according pull request to update TX release guideline: #949
    • Reminder about about absence of security team members from August 2024
    • Security tools walkthrough in the Committers Meeting of July 5, 2024 (about 20 minutes) - Rohan will announce the walkthrough next week on the TX mailing list while sending out a reminder for the meeting

FOSS

Open planning / community

  • Info by community manager Stephan about the Tractus-X/Catena-X working model and the refinement phase for the 24.12 release
  • Registration is open for the Third Eclipse Tractus-X Community Days on December 05 and 06, 2024, ARENA2036 in Stuttgart!

Security Office Hour meeting minutes

Announcements

  • Gitguardian tool for secret scanning will be replaced by TruffleHog. This will be used in parallel with Github's native secret scanning tool.
  • Trivy workflow has been updated to address the failure of workflows
  • Announcement of Security handover during the committer round

Office Hour meeting minutes

Infrastructure

  • Info from Test / Infrastructure Management CX Association by Harald:
    • status of product onboarding and deployment progression to new environment
    • clarifying dependencies, resolving blockers is ongoing
    • handover of test cases to new CX Association Xray
    • Invitation to E2E Test Management Daily beginning Monday (July 1, 2024): frequency determined determined to half an hour every 2nd day
  • Status about current works on API publishing by Tomasz currently in progress: a separate repository to store API docs and publish via GitHub pages - API Hub - was created. He will present the topic a bit more hands on in one of the upcoming office hours

Security team

  • Info from security team by Rohan:
    • Replacement of GitGuardian with TruffleHog, see according pull request to update TX release guideline: #950
    • Updates to Trivy workflow , see according pull request to update TX release guideline: #949
    • Security tools walkthrough in the Committers Meeting of July 5, 2024 (about 20 minutes) - Rohan will announce the walkthrough next week on the TX mailing list while sending out a reminder for the meeting

FOSS

  • Committer Election for Lucas concluded successfully, congratulations and welcome!
  • Don't forget to update the legal docs!! Close the tickets in your repositories if its done: eclipse-tractusx/sig-infra#477

Open planning / community

Discussions

  • Evelyn suggested a consistent storing for environment specific deployment configuration (helm values files) in TX repositories:
    • IF products teams store deployment configuration in TX, it should be stored in a separate directory at root level (/environments) and the notice file should explain it is need for the end-to-end testing of TX releases
    • no deployment configuration other than the one used for the official E2E Testing of TX releases should be kept in TX
    • suggestion is not intended to promote the storing of this configuration in TX but if you do it, do it as proper as possible
    • a benefit from (properly) storing the configuration in TX is the versioning with the TX GitHub releases, allowing to easily trace back the exact configuration used for testing
    • other options for handling environment specific deployment configuration outside of TX were discussed as well as the option of multiple sources for Argo CD was mentioned by Carsten
  • Stephan was wondering about how to handle outdated information on the TX Product Page:
    • product teams should check if the information on the page is still up to date, Stephan will write send a reminder on the TX mailing list
    • Arno mentioned that he would update the products which are still outdated in a couple of weeks, thanks for volunteering!

Mathias Brunkow Moser

Office Hour meeting minutes

Infrastructure

Security team

FOSS

Open planning / community

  • Every office hour there will be a slot to talk about the current process of the working model of Tractus-X/Catena-X. With the updates from the community.

Discussions

  • Mermaid version in current docussaurus for the tractus-x webpage do not support specific type block-beta and xychart-beta.
    • Stephan Bauer will test to upgrade the version of docussaurus in the Catena-X e.V. Repository.

Security Office Hour meeting minutes

Announcements

  • Reminder about former GitHub Organisation Catenax-ng
  • Reminder to remove any test credentials/sensitive that are present in Catenax-ng
  • Reminder to look for the results of the security scans after migration to Eclipse Tractus-x

Sebastian Bezold

Office Hour meeting minutes

System team

  • Support needed for overarching CHANGELOG creation for release 24.05. If interested, please get in contact with Stephan Bauer

Security team

  • n/a

FOSS

Open planning / community

  • We are looking for committers to help with the Release QG Check Review for the upcoming release. Please reach out to Roland and Siegfried if you are interested.
  • Check out the meeting invitations for open meetings regarding planning for release 24.12

Discussions

  • Are there defined deadlines for release 24.08 -> No one in the meeting did know of one yet
  • Interoperability and Thread Modelling checks in 24.05?
    • You can approach the Security Team via issue on sig-security
    • Checks, that have been documented in a Consorita Confluence instance, could still take place, but a transparent format should be considered. Some Teams already documented on GitHub.

Fabian Grün

Office Hour meeting minutes

System team

  • We moved from the former Miro board to the new Board within our Eclipse Tractus-X GitHub organization projects and if you would like to give Feedback feel free to state it in the draft issue
  • Now you can state everytime your topic for the next office hour as a draft issue for each open meeting like the "Office Hour" as described in the info section of the board

Security team

  • Rohan will resume work on Monday, 13-May Alternate contact: Lokesh Gujre , Tim Herres
  • Bug bounty program is still in the works, but we are making progress on it see issue

FOSS

  • Committer Election for Arno Weiß open for voting
  • Please check out the statements to the "Use of AI" in one of our Eclipse Office Hour sessions
  • OCX Conference - Call for speakers is open! Submit your talk here
  • Friendly reminder to the Eclipse Office hours about the process and shared information see here
  • Friendly reminder to check our product notice sections in your documentation and update it if necessary a little example was found within the KIT documentation see here

Open planning / community

  • We are looking for committers to help with the Release QG Check Review for the upcoming release. Please reach out to Roland and Siegfried if you are interested.

Discussions

  • n/a

Gabor Almadi

Office Hour meeting minutes

System team

  • n/a

Security team

  • An updated list of Security related TRGs are available after this PR has been merged

FOSS

Open planning / community

  • New dates with blockers will be added to the website for release 24.12 soon, keep an eye on them! There will be a news entry when they are available
  • Starting with the next release (24.05) QG4 reviews will be mandatory to do in pairs every committer can get familiar with the process. A committer can't review their "own" products

Discussions

  • You can read about Eclipse roles and how to become one here
  • There is a new board work in progress on GitHub that could be a replacement for the current Miro board we use for the Office Hour
  • Kubernetes 1.30 is available now, but consortia clusters are still on 1.27 (which is the LTS version). This should be aligned as TRG5.10 describes our goal otherwise.
  • For release 24.05 you can open an issue for security assessment in the sig-security repository. This support won't be available starting with release 24.08
  • There is a problem currently with the calendar files on the website for. It is being investigated and an update will be provided soon.

Committer meeting - meeting minutes

Open Planning Participation of committers

The open planning is one of the most important meetings. I think 14 (of 41) committers were present, but only two used their voice ;) what about the others?

=> Maybe we should talk more beforehand, about the importance of the meeting. Responsibilities and expectations of attendance.

Label structure

The labels on the features are very important for dependencies and filtering. Yes we have a lot, but we need more ;) but on the other hand we can also delete some ;)

Suggestions:

New needed

  • ssi
  • data-sovereignty
  • policy-hub
  • policy-registry
  • issuer-component
  • authority-registry

=> discussed -> create the labels

  • open-discussions (color: red)
  • Prep-P14 -> maybe Prep-R2412 -> do we need the specific prep label?
  • Prep-P15
  • Standards (marks tickets which have impact on standards)
  • Breaking Change (marks breaking change tickets)

Changes needed

  • miw => rename to identity-wallet

Delete (probably we need to discuss this once since a deletion has impacts…)

  • kit (reason: each kit has an own label already)
  • foss
  • go
  • PI12 (ideally we just inactive it to not lose it on the old tickets)
  • Prep-P11 (ideally we just inactive it to not lose it on the old tickets)
  • Prep-P12 (ideally we just inactive it to not lose it on the old tickets)
  • Project management
  • Test results

Additionally I like to suggest a clear color coding

  • All Product labels - ocean blue
  • All Prep-Pxx label – grey
  • All highlight labels – red
  • All UseCase labels – green -> can we delete this?
  • All Expert group labels - yellow

=> HTML color code is used

Clean Board

My feeling is, we will have round about 60 features for 24.08 -> all good. Happy about it. But on the board itself we have more than 200. I understand its good to have some features in inbox/backlog... but i think the gap is to big ... and i think a lot of them could be deleted ;(

=> discussed and decided: Friendly reminder -> after a specific amount ot time the issues are deleted automatically

Views an project board

The views (tabs) should be cleaned up) which views are still needed?

  • Feature view (issuetype feature) -> for Expert Groups / Committees / Developer
  • QGate View (issuetype realease_ac)
  • ???

Future workingmodel

Instead of miro we could work with GitHub Project as agenda/issuetracking. e.g. example board

=> lets try it

Custom Attribute

Since we work together e.V/Open Source it would be beneficial if we could map the features to the related expert (groups) therefore i would like to discuss a custom attribute, which holds the related committee/expertgroup (dedicated list) -> This would help to filter and also get a better feeling

=> prepare a poc -> Tom , Stephan

Featurequality

Since sometimes the quality (how is a feature described, did you clarify your dependencies, did you talk to your committer, is the time allocated) i would like to extend the feature template to guide a little bit more. For example a checklist like:

  • [ ] i have talked to dependent components
  • [ ] i have talked to my committers
  • [ ] i will contribute on this features
  • ...

-> mention the release process via link in the template, keep the template simple -> link the contribution guidelines