Skip to content

Latest commit

 

History

History
81 lines (58 loc) · 3.24 KB

2020-10-23.md

File metadata and controls

81 lines (58 loc) · 3.24 KB

Meeting Minutes for October 23, 2020

Attendees

@mnonnenmacher, @tsteenbe, @sschuberth

Agenda

  • Review of last meeting's action items (see open issues at https://github.com/oss-review-toolkit/ort-governance/issues)
  • ORT performance logging (log performance relevant information)
  • Roadmaps from HERE and Bosch (what are we planning to work on in the next 90 days)
  • Committers from Bosch
  • Making ORT binary releases / version numbering
    • Where to put generic libraries (like spdx-utils, clearly-defined etc.)
  • Open-sourcing HERE's curation data
  • Cleanup of remote branches
  • Align the behavior of reporters (display of issues, excludes etc.) -> DRY principle
  • Next TSC meeting

General

Thomas is on parental leave (until January 9, 2021)

Technical

ORT performance logging

  • Use Splunk to parse / analyze the regular log statements printed to the console.
  • Look into using a custom "PERFORMANCE" log level (between "INFO" and "DEBUG").
  • Analyzer results currently are not cached; maybe hash package manager files / output of something like "./gradlew dependencies" as a lookup key

Roadmaps from HERE and Bosch

  • HERE: Performance
  • Bosch
    • Remote scanners (FOSSID, ScanOSS)
      • think about sync vs async scanners instead of local vs remote scanners
      • just triggering remote scn async'ly probably is enough to beging with; gathering results can could later
    • Advisor (adaptor for our current commercial provider, then add new providers to compare data quality to)
    • PDF reporting (AsciiDoc template -> HTML -> PDF), AsciiDoctorJ (?) integration
    • Azure DevOps infrastructure for running ORT

Committers from Bosch

  • Bump Oliver Heger and Marcel Bochtler up from contributors to committers
    • In GitHub-speak they will stay "Outside Collaborators", but get "Write" instead of "Triage" permissions
    • @sschuberth on-boards them / gives "behavior" guidance
    • TSC agrees unanimously

Making ORT binary releases / Where to put generic libraries

  • Automatically publish release on push of Git tag (of certain pattern)
    • Look for ready-made GitHub Action to do that for Gradle projects
  • Candidates for splitting out libraries: clearly-defined, fossid-webapp-client, spdx-utils, more to come
    • SemVer for these, 1.0.0 as first version number
    • Try with clearly-defined first
  • Introduce ChangeLogs
  • Aim for an ORT 1.0.0 release by Q1 2021
  • Think about providing migration tools on breaking changes
  • No Docker image publishing yet

Open-sourcing HERE's curation data

  • No update on that topic as @fviernau had no time / is currently on sick leave
  • HERE working on approval

Cleanup of remote branches

  • This script might help to identify own branches

Align the behavior of reporters

  • Remove Documenter from README, functionality will be in Reporter
  • Ensure all reporters handle various basics
    • Hard to enforce technically, maybe better come up with guidelines
  • Static HTML reporter does not show resolved issues at all (?) -> @tsteenbe will file an issue
    • Maybe remove the Static reporter in the mid term

Next TSC meeting

  • January 14, 2021, 10.00 o'clock