# Veraison go-cose Community Meeting Notes
###### tags: `go-cose`
- Bi-weekly on Fridays 8:00-9:00 pacific time
See below for the next scheduled meeting and proposed agenda
Links
- [GitHub](https://github.com/veraison/go-cose)
- [Zoom Dial-in link](https://us02web.zoom.us/j/81054434992?pwd=YjNBU21seU5VcGdtVXY3VHVjS251Zz09)
- [Calendar/ics](https://zoom.us/meeting/tZUtcu2srT8jE9YFubXn-lC9upuwUiiev52G/ics)
- [go-cose-community email distribution group](https://groups.io/g/go-cose-community)
- [YouTube Recordings](https://www.youtube.com/@go-cose-community3000)
**Note:** Template for copying at the bottom of the note.
- Agenda items must identify the (owner) of the item
## March 8, 2024
### Attendees:
- Steve Lasker
- Orie Steele
- Henk Birkoltz
- Yogesh Deshpande
- Roy Williams
### Agenda Items:
- Triage issues and PRs
- Discuss release of 1.2, documenting the process before the next release
- Steve can focus on the release process post 119
- Orie: Discuss typescript support for cose, possibly added to the veraison project
- Proposal to add a typescript-cose repo
- For licensing, decision to use MIT license for the new repo
- _add your topics_
## January 26, 2024
### Attendees:
- Steve Lasker
- Orie Steele
- Henk Birkoltz
- Thomas Fossati
- Yogesh Deshpande
- Roy Williams
### Agenda Items:
- Support for CWT Claims
- Add to veraison/go-cose
- Add a new sub-project project for go-cwt
- Orie: similar to: https://github.com/panva/jose
- Orie: proposal to add a few header properties for CWT_Claims, for SCITT Support
### Notes:
- _meeting minutes_
## October 6, 2023
### Attendees:
- Steve Lasker
- Orie Steele
- Quim Muntal
- Henk Birkoltz
- Hannes Tschofenig
### Agenda Items:
- [PR: Validate content type header parameter #176 - merged](https://github.com/veraison/go-cose/pull/176/files)
- [Issues](https://github.com/veraison/go-cose/issues)
- Triaged issues
- Created v1.2 milestone
- Closed v1.1 milestone
- Cut release 1.2
- Defer CWT_Claims addition to 1.3
- Release Policies
- Folders for release polices
- Minor releases are reviewed by maintainers
- Major release followies the same policies as minor
- We may do a third party audit, and would require it to be published before the release
- We reserve the right to not do the audit, if the maintainers believe the costs of the audit aren't justified based on the capabilities added
## September 8, 2023
### Attendees:
- Steve Lasker
- Orie Steele
- Yogesh Deshpande
- _add yourself_
### Agenda Items:
- Review issues/PRs
- Waiting for some updates to the existing issues, but no known blockers giving time for folks to prioritize go-cose and other work.
- _add your topics_
### Notes:
- _meeting minutes_
## August 25, 2023
### Attendees:
- Steve Lasker
- Roy Williams
- Orie Steele
- Quim Muntal
- Henk Birkoltz
### Agenda Items:
- [Upgrade fxamacker/cbor to v2.5.0 #166](https://github.com/veraison/go-cose/pull/166)
- Due to the underlying changes in fxamacker/cbor, we believe we need more test and dependent use validation.
- Are we asking folks to validate against a PR branch? Or, on main, which is not defined as a release?
- Will add more test cases to cover
- Quim to research any additional tests requried for confidence to merge
- Release Process
- [https://github.com/veraison/go-cose/pull/167](https://github.com/veraison/go-cose/pull/167)
- Merged
- [Detached signature verification fails with "missing payload" error
#150](https://github.com/veraison/go-cose/issues/150)
- Some discussion about `external` which refers to AAD
- Changing will be required across the whole library. Potential doc update to explain the parameter pattern.
- Orie: Is there a higher level abstraction?
- Quim: Yes, there's a sign1detached
- Roy: We may want to add another method for detached
- Steve: can we move forward, adding incremental enhancements later
- Orie: yes, can guide users to the lower level APIs, if needed
- Decision to move forward with the PR
- Discusion around what level of 3rd party testing we should do for each release. (Minor and Major)
- Roy has the action item for research
### Notes:
- What is our merge and release process?
- Merge to main, stabilize from there to RC branches?
- Stabilize outside of main, allowing main to move forward past a current stabilizing release?
- Need to document the release process
- Discussion:
1. For each PR, feel confident the test coverage is complete to merge into main. If not, add more tests before merging
2. Main becomes a secondary stability point
3. As RCs get released, dependent projects are requested to validate the RC before cutting the release (amount of time TBD)
4. Release get cut.
## February 10, 2023
### Attendees:
- _add yourself_
### Agenda Items:
- _add your topics_
### Notes:
- _meeting minutes_
## Jan 26, 2023
### Attendees:
- Yogesh Deshpande
- Steve Lasker
- Roy Williams
- Lachie Evenson
### Agenda Items:
- Review open issues
- No active PRs at this point
- _add your topics_
### Notes:
- Closed out open issues, related to 1.0 release
- Created a [v1.1.0 milestone](https://github.com/veraison/go-cose/milestone/7) for assignment of new issues
- Todo: [Add community info #127](https://github.com/veraison/go-cose/pull/127)
- Added [go-cose-community email distribution group](https://groups.io/g/go-cose-community)
- _meeting minutes_
# Meeting Notes Template
(template for copying)
## Meeting Date
### Attendees:
- _add yourself_
### Agenda Items:
- _add your topics_
### Notes:
- _meeting minutes_