Office Hour meeting minutes​

System team​

• Still looking for volunteers to work on QG reviews together with the system team
  • Goal is to spread knowledge on how TRGs are checked
  • Especially interesting for committers, that already know they will stay post consortia
• Preparing an open description on our release process. Feel free to comment any suggestion or important topics, you think should be covered on this draft
• Markdown linting will again be enabled for KITs. Findings will be collected as issue per KIT
• OpenAPI plugin for docusaurus will be removed
  • OpenAPI definitions will be pushed to SwaggerHub. User credentials available as org secrets
  • Ongoing discussions: Some definitions might be published through standard and therefore out of eclipse-tractusx

Security team​

• New TRG suggestion PR: eclipse-tractusx/eclipse-tractusx.github.io#681
• Reminder: please focus on eclipse-tractusx instead of catenax-ng
• Please reach out to the security team, as soon as the security scans for QG checks are ready for QG review

FOSS​

• Election for Jim Marino open: https://projects.eclipse.org/projects/automotive.tractusx/elections/election-james-marino-committer-eclipse-tractus-x

Open planning / community​

• New open meeting links available in the community section

office hour meeting minutes​

System team​

• Kube Prometheus Stack upgraded to latest release 56.6.2.
• Committer Election for Tuncay Tunc on Eclipse Tractus-X has started.
• The Committer Election for Fábio Mota on project Eclipse Tractus-X concluded successfully.
• Committer volunteers wanted to participate/shadow next Quality Gate process.

Security team​

• New TRG/s from security team was presented requesting for feedback Security TRG 8.0.
• Suggested to contact security team directly for any support required to use, complete Invicti related issues/tasks.
• Update for static application security testing/source code scanning, ongoing transition from Veracode to CodeQL. Reach out to security team for any assistance.
• Reminder on available onboarding process to Snyk.
• There will be separate security office hours meeting, biweekly Thursdays 8:30 - 9:30.

FOSS​

• N/A

Open planning / community​

• Open meetings PR.

Open discussion​

• Question related to TRG 1.04 Diagrams as code, if there a need/requirement to convert already existing .png diagrams. It is recommended to use described in the TRG toolset to keep good level of maintainability of the diagrams, not a hard requirement though in case there is lack of source.

office hour meeting minutes​

System team​

• Please be aware of our Markdown lint problem in the eclipse-tractusx.github.io that currently only the /docs folder is checked and should be extended to more markdown file directories
• TRG Update information about TRG 3-1 that was superseded by TRG 5-09
• Upcoming Office Hours meeting minutes will be reported in the community section of our webpage and you can find here

Security team​

• New security issue templates for sig-security repository
• Security assessments template and contact
• Access to security tools template like Snyk and other tools
• Snyk tool will be available after consortia time

FOSS​

• Please take your vote on a new Committer Election for Fábio Mota
• Please participate in Eclipse Committer Office Hour Meetings and join the discussion about changes to the Eclipse IP Policy and Due Diligence Process

Open planning / community​

• Open Meetings Links with ics invitation files are available for the community

Open discussion​

• No open discussion

office hour meeting minutes​

System team​

• Whenever a new room is created in the Eclipse Matrix chat, please announce it in the main Tractux-X room, office hour and mailing list so everybody can learn about it and join.

Security team​

• New issue templates are available for the following topics:
  • OSS Tool membership request
  • Ask the community for security help via Discussions
  • Keep an eye out on the Security Announcements where news about security topics are announces regularly
• Get in touch with the Security Team for testing with Snyk

FOSS​

• There was a new election for a project lead role for Stephan Bauer
• The Eclipse Project Handbook changed the section about handling copyright headers. A year range is not longer necessary, only the year when the file was created so there is no need to keep an eye on updating the headers. It is still allowed to put year range (creation date and last modification year) in the header but they have to be separated with comma character.
• Please sign the Eclipse Contributor Agreement when trying to contribute to the webpage. Without that it is not possible to merge commits to the main branch.
• ❗ Please don't put any Catena-X content or resource on the website without permission.

Open planning / community​

• New Open Meetings Links are listed directly on our webpage to participate and separate calendar files can be downloaded from there.
• Office hours will probably start a few minutes later so the people don't have to wait until everyone gets there.
• Commiters and Contributors Meeting could be a new form of communication where the committers are more involved getting some pressure off the System Team.
• Newjoiner rounds for basic introductions would be held every 2 weeks in a separate session.

Open discussion​

• Umbrella chart:
  • Currently there is a temporary solution for the Managed Identity Wallet by SAP until the open source version is fixed. This is a COTS application and it raises questions like how it can be integrated into an open source software stack like the umbrella chart. It is not confirmed yet whether the version from SAP can be used without a license. Currently all components can run without MIW but data exchange functionality won't work.
• Public API versioning is still an open topic where no decision has been made to create a TRG or guide the Tractus-X community to follow one versioning strategy.
• An alternative for MS Teams should be found as it is hard to manage for an open community (e.g. Discord).

office hour meeting minutes​

System team​

• No update

Security team​

• Many open cases (>10) from GitGuardian, please check you inboxes (or spam folders)
• A bug bounty program is in the making

FOSS​

• Happy new year: Don't forget to update the year in your copyright headers
  • some corner cases will be clarified until next office hour
• There is a new draft TRG 2.06 regarding dependabot usage
  • please update your DEPENDENCIES file(s) to ensure that the suggested changes are license compliant

Open planning / community​

• Last open planning session went very well
• There's a new open meetings page

Open discussion​

• discussion regarding the "Notice for docker image" to be moved into a separate file.
  • TRG 4.06 will be updated to mandate a dedicated file.
  • Please keep in mind to update your docker build workflow to include the new file instead of the README.md. See example of TRG 4.05 for reference.
• discussion on where to discuss about new / changes to existing TRGs: TRG draft section, within the PR or GitHub discussions
  • Sebastian is going to create a PR so everybody can vote on it
• As multiple people struggle with our current docusaurus¹ setup, there will be a training/hands-on session soon. It's will be announced on the mailing list.
• Content updates for KITs: Please ensure that no copyrighted content (incl. Catena-X) is contributed to Tractus-X.
• False-positive issues opened by Trivy - please raise a "tooling support" issue in the sig-security repository

Footnotes​

1. docusaurus: the generator for the pages you are reading right now ↩

New home for open meeting minutes​

We are happy to announce a new blog, that will host meeting minutes of all our open meetings in the future.

Looking for past blog entries? You can find previous posts on this consortia site or by visiting this consortia repo.