owned this note changed 2 days ago
Published Linked with GitHub

Notary Project Meeting Notes

tags: Notary Project, notary

TUF-notary meeting notes

NOTE: Time Change - Starting May 9 2022, we will hold two meetings a a week to account for folks in the US, Europe and Asia times.
Meetings are now:

  • Mondays 5-6pm pacific time, 8-9pm US Eastern, 8-9am Shanghai (US Summer time)
  • Mondays 4-5pm pacific time (US Winter time)
  • Thursdays 9-10am pacific time, 12pm US Eastern, 5pm UK

Links

Dial by your location

877 369 0926 US Toll-free
855 880 1246 US Toll-free
Meeting ID: 611 593 2621

One tap mobile

+16465588656,6115932621# US (New York)
+16699006833,6115932621# US (San Jose)

Note: See Meeting Notes Template below

## Meeting Notes Template
(template for copying)

## Meeting Date

### Attendees:
- _add yourself_

### Agenda Items:
- _add your topics_

### Notes:
- _meeting minutes_

### Recording:

_recording_url_

Agenda items must identify the (owner) of the item

Meeting chair rotation

  • Yi Zha
  • Feynman Zhou
  • Samir Kakkar
  • Pritesh Bandi
  • Toddy Mladenov
  • Vani Rao
  • David Tesar (emeritus)
  • Justin Cormack (emeritus)
  • Steve Lasker (emeritus)

Mar 24, 2025

Agenda Items

  • Review milestone v2.0.0-beta.1 and triage new issues (Feynman)

Notes

  • Patrick to update the issue description for the blob command UX revisit to focus on the shorthand enhancement for flags.
  • Yi to create separate issues related to UX improvements for notation.
  • Maintainers to vote on two community meeting poll within one week.
  • Feynman to ping Vani and other US-based contributors to vote on the US-friendly community meeting poll.
  • Feynman to update the community meeting polls to remove the cadence information and focus only on identifying comfortable meeting times.
  • Maintainers to discuss and make decisions on the community meeting cadence in a separate issue https://github.com/notaryproject/.github/issues/80.

Recording

https://youtube.com/live/CQU-tcrkG2E

Mar 17, 2025

Agenda Items

Notes

Quick recap

The Notary Project maintainers discussed the release of 2.0.0-alpha.1, proposed changes to meeting schedules, and explored the implementation of formatted output for the Notation CLI. They addressed the need for automatic output support, prioritizing stable commands and focusing on JSON format initially. Maintainers also shared issue lists for new contributors and discussed supporting the cozy hash envelope for blob code signature.

  • Next steps
    • Feynman to create an issue to discuss lowering the meeting cadence from weekly to bi-weekly.
    • Feynman to create a general guidance document for formatted output support in Notation CLI.
    • Feynman to update the project website and README with links to the "Good First Issues" and "Help Wanted" issue lists.
    • Patrick and Yi to discuss and work on the implementation of COSE hash envelope support for blob policy signatures (Issue #1226).
    • Patrick and Yi to update the Notary Project specification for COSE hash envelope support.

Recording

https://youtube.com/live/n6saG6HIFQY

Mar 10, 2025

Attendees

  • Dhseeh (Individual)
  • Byron Chien (Amazon)
  • Josh Polkinghorn (Amazon)
  • Victor Lu (Individual)
  • Sunil Ravipati (Individual)
  • Patrick Zheng (Microsoft)
  • Shiwei Zhang (Microsoft)
  • Feynman Zhou (Microsoft)
  • Patrick Zheng (Microsoft)
  • Yi Zha (Microsoft)

Agenda Items

  • Triage GitHub issues in v2.0.0-alpha milestone (Feynman Zhou)
  • v1.4.0-alpha release for blob signing (Yi)

Notes

  • Notary Project maintainers triaged all opening GitHub issues in the v2.0.0-alpha.1 milestone. Maintainers will re-visit the release timeline by EoW.
  • Notary Project maintainers will cut v2.0.0-alpha.1 first and decide whether we need v1.4.0-alpha.1 later on.

Recording

https://www.youtube.com/live/5fkp91A2IWU?si=v6vyuxd-z8wWm5ba

Mar 3, 2025

Skipped due to no agenda

Feb 24, 2025

Attendees

  • Yi Zha (Microsoft)
  • Josh Polkinghorn (Amazon)
  • Patrick Zheng (Microsoft)
  • Shiwei Zhang (Microsoft)
  • Feynman Zhou (Microsoft)
  • Patrick Zheng (Microsoft)
  • Toddy Mladenov (Microsoft)

Agenda Items

Notes

Recording

https://www.youtube.com/live/pB7ylytsB3g?si=4puhF5PAvRRuXo52

Feb 10, 2025

Attendees:

  • Josh Polkinghorn (Amazon)
  • Patrick Zheng (Microsoft)
  • Shiwei Zhang (Microsoft)
  • Feynman Zhou (Microsoft)
  • Patrick Zheng (Microsoft)

Agenda Items:

Notes:

  • Notary Project triaged issues in v2.0.0-alpha milestone. The major enhancements will be blob signing & verification, OCI Spec v1.1 support, formatted output support, and diagnostic experience enhancement.
  • Notary Project maintainers agreed to release Notation v2.0.0-alpha.1 by end of March, 2025. It is planned to be demonstrated at KubeCon EU in early April.
  • Another two topics will be moved to the next community meeting. Notary Project maintainers will demonstrate the PoC of blob signing & verification

Recording:

https://youtube.com/live/hvfXzpw0wi4

Jan 13, 2025

Attendees:

  • Pritesh Bandi (Amazon)
  • Patrick Zheng (Microsoft)
  • Shiwei Zhang (Microsoft)
  • Feynman Zhou (Microsoft)
  • Josh (Amazon)
  • Yi Zha (Microsoft)
  • Toddy Mladenov (Microsoft)
  • Sajay Antony (Microsoft)

Agenda Items:

  • Timeline of publishing the security audit report and blog post
  • Release v1.3.0 check-in
  • Review and determine the scope of the v1.4.0 milestone

Notes:

  • Pritesh proposed to adjust the PR merging criteria by removing the rule of requiring at least 2 approvals from different orgs
  • Welcome Josh from AWS joinning the community
  • The security audit report and blog post are planned to be published by Jan 17, 2025. @yizha1 will work with audit team to get them published this week
  • Notary Project maintainers aligned to release v1.3.0 within around a week since it will include the security vulnerability fixes from the security audit report.
  • Notary Project maintainers agreed to focus on blog signing and Detal CRL support in the [v1.4.0 milestone].(https://github.com/notaryproject/notation/milestone/25). Other issues have been moved to v2.0 due to limited resource.

Recording:

https://www.youtube.com/live/O_ZvfqfOQ6g?si=sqo5j3mDnGVDaHXl

Jan 6, 2025

Attendees

  • Pritesh Bandi (Amazon)
  • Patrick Zheng (Microsoft)
  • Shiwei Zhang (Microsoft)
  • Feynman Zhou (Microsoft)
  • Vani Rao (AWS)
  • Yi Zha (Microsoft)
  • Toddy Mladenov (Microsoft)
  • Sajay Antony (Microsoft)

Agenda Items

  • Security Audit and Notation v1.3.0 status check-in (Yi)
  • KubeCon updates (Yi)
  • Triage issues

Notes

  • Security Audit report will be published next week. We will need to publish two security advisories this week ASAP. @pritesh
  • Give one addtional week (this week) for testing as last week is still within holiday season
  • Notary Project maintainer tracker session was accepted for KubeCon EU 2024
  • Yi shared the start of engagement with in-toto community.
  • Need to create an issue to track how to make the commit signing guideline more visible, especially provide a guideline for users in the PR once they fail to sign their commits.

Recording

Archived meeting notes

See https://github.com/notaryproject/meeting-notes for archived meeting notes

Select a repo