Steve Lasker
# Notary Project Meeting Notes (archived)

> **Note: Meeting notes have been moved to the project account's HackMD https://hackmd.io/@EG2api1FTUudGEK6PMjvuQ/rk30ceMAyl**

###### tags: `Notary Project`, `notary`

[TUF-notary meeting notes](https://hackmd.io/wii3-L8ZQZ-U3ET0XNY8Gg)

**NOTE: Time Change**
- Starting May 9 2022, we will hold two meetings a week to account for folks in the US, Europe and Asia times. Meetings are now:
  - Mondays 5-6pm pacific time, 8-9pm US Eastern, 8-9am Shanghai (US Summer time)
  - Mondays 4-5pm pacific time (US Winter time)
  - Thursdays 9-10am pacific time, 12pm US Eastern, 5pm UK

Links
- [On GitHub](https://github.com/notaryproject/)
- [CNCF Calendar](https://www.cncf.io/community/calendar/)
- [Zoom Dial-in link](https://zoom.us/my/cncfnotaryproject)
  - Passcode: 77777 (5x 7)
- [Notary Project Conversations on Slack](https://app.slack.com/client/T08PSQ7BQ/CQUH8U287/thread/CEX1W7WMD-1582660575.076600)
- [Find your local number](https://zoom.us/u/aLDk4OXTu)
- [Notary Project GitHub Projects](https://github.com/notaryproject/)
- [YouTube Recordings](https://youtube.com/playlist?list=PL1ykZdgmLkb7SlXax-hJVUgvNHmq4Cyz9)
- [Recordings prior to April 9, 2021](https://www.youtube.com/playlist?list=PLj6h78yzYM2O1BOGT3hLdJTJCKz0f-bYq)

### Dial by your location

877 369 0926 US Toll-free
855 880 1246 US Toll-free
Meeting ID: 611 593 2621

#### One tap mobile

+16465588656,,6115932621# US (New York)
+16699006833,,6115932621# US (San Jose)

**Note:** See Meeting Notes Template below

```
## Meeting Notes Template (template for copying)
## Meeting Date
### Attendees:
- _add yourself_
### Agenda Items:
- _add your topics_
### Notes:
- _meeting minutes_
### Recording:
_recording_url_

Agenda items must identify the (owner) of the item
```

## Meeting chair rotation

- Yi Zha
- Feynman Zhou
- Samir Kakkar
- Pritesh Bandi
- Toddy Mladenov
- Vani Rao
- David Tesar (emeritus)
- Justin Cormack (emeritus)
- Steve Lasker (emeritus)

## Apr 7, 2025

### Attendees
- Josh Polkinghorn (Amazon)
- Victor Lu (Individual)
- Patrick Zheng (Microsoft)
- Shiwei Zhang (Microsoft)
- Feynman Zhou (Microsoft)
- Patrick Zheng (Microsoft)
- Sajay Antony (Microsoft)

### Agenda Items
- [Community meeting schedule poll result](https://github.com/notaryproject/.github/issues/80)
- [CVE-2025-30204: update golang-jwt](https://github.com/notaryproject/notation/pull/1249) from a user
  - Should we consider a new v1.3.2 release as a security patch?
- [spec: add "artifactType" to signature spec](https://github.com/notaryproject/specifications/pull/325)
- A user's [test summary](https://github.com/notaryproject/notation/issues/1222#issuecomment-2784046901) on GAR's implementation on OCI v1.1
  - Should we consider planning a new release v1.4.0, considering forward compatibility?

### Notes
- Shared by Victor Lu:
  - https://openssf.org/blog/2025/04/04/launch-of-model-signing-v1-0-openssf-ai-ml-working-group-secures-the-machine-learning-supply-chain/
  - https://www.nics.uma.es/pub/papers/moyano2012trustbus.pdf
  - https://www.cylab.cmu.edu/news/2023/03/06-zero-trust.html
- Maintainers to review the pull request for dependency bump up in notation-cli and identify an ETA for cutting a patch release for notation v1.3
- Maintainers to review the pull request introducing a new field "artifact type" to Notary Project's signature spec.
- Community members to share their opinions on the proposal to change meeting cadence in the related issue. Josh to vote on the US-friendly meeting poll to help finalize the meeting schedule

### Recording
https://youtube.com/live/ojplqi3k0S4

## Mar 31, 2025

### Attendees
- Byron Chien (Amazon)
- Josh Polkinghorn (Amazon)
- Victor Lu (Individual)
- Patrick Zheng (Microsoft)
- Shiwei Zhang (Microsoft)
- Feynman Zhou (Microsoft)
- Patrick Zheng (Microsoft)

### Agenda Items
- Add an "artifactType" property to signature spec https://github.com/notaryproject/specifications/pull/325
- How can we ensure downstream integrations' compatibility with the latest Notary Project release? One of the issues raised by a user in https://github.com/notaryproject/notation/issues/1222#issuecomment-2765375268
- Improve the diagnostics experience of `notation` https://github.com/notaryproject/notation/issues/1247
- Notary Project's Role in AI Governance

### Notes
Actionable items from the discussion:
* @patrickzheng Patrick to create an issue for resolving compatibility issues with registries that still use OCI 1.0.
* Victor and Feynman to continue offline discussions about integrating Notary Project into CKS exam and training materials.
* Notary Project maintainers to review and comment on the issue regarding improvement of diagnostics experience for notation CLI: https://github.com/notaryproject/notation/issues/1247
* Notary Project maintainers and community folks to vote on the meeting schedule polls and provide feedback on the proposed meeting cadence change: https://github.com/notaryproject/.github/issues/80
* Notary Project maintainers to review the pull request for the signature manifest change and provide suggestions if any https://github.com/notaryproject/specifications/pull/325

### Recording
https://youtube.com/live/TB-wRbcnYJ4

## Mar 24, 2025

### Attendees
- Byron Chien (Amazon)
- Patrick Zheng (Microsoft)
- Shiwei Zhang (Microsoft)
- Feynman Zhou (Microsoft)
- Patrick Zheng (Microsoft)
- Yi Zha (Microsoft)

### Agenda Items
- Review milestone v2.0.0-beta.1 and triage new issues (Feynman)

### Notes
- Patrick to update the issue description for the blob command UX revisit to focus on the shorthand enhancement for flags.
- Yi to create separate issues related to UX improvements for notation.
- Maintainers to vote on two community meeting polls within one week.
- Feynman to ping Vani and other US-based contributors to vote on the US-friendly community meeting poll.
- Feynman to update the community meeting polls to remove the cadence information and focus only on identifying comfortable meeting times.
- Maintainers to discuss and make decisions on the community meeting cadence in a separate issue https://github.com/notaryproject/.github/issues/80.

### Recording
https://youtube.com/live/CQU-tcrkG2E

## Mar 17, 2025

### Attendees
- Byron Chien (Amazon)
- Josh Polkinghorn (Amazon)
- Victor Lu (Individual)
- Patrick Zheng (Microsoft)
- Shiwei Zhang (Microsoft)
- Feynman Zhou (Microsoft)
- Patrick Zheng (Microsoft)
- Yi Zha (Microsoft)

### Agenda Items
- Announcement of release [notation v2.0.0-alpha.1](https://github.com/notaryproject/notation/releases/tag/v2.0.0-alpha.1) (Feynman/Patrick)
- Meeting schedule poll and cadence discussion (Feynman)
  - Considering changing the cadence from weekly to bi-weekly and providing two series to accommodate people from different regions
  - [Notary Project community meeting (US-friendly) poll](https://github.com/notaryproject/.github/discussions/78)
  - [Notary Project community meeting (APAC-friendly) poll](https://github.com/notaryproject/.github/discussions/79)
- Brainstorming on the [Formatted Output of Notation CLI](https://github.com/notaryproject/notation/issues/1228) (Feynman)
- Info: [good-first issue list](https://github.com/notaryproject/notation/issues?q=is%3Aissue%20state%3Aopen%20label%3A%22good%20first%20issue%22) and [help-wanted issue list](https://github.com/notaryproject/notation/issues?q=is%3Aissue%20state%3Aopen%20label%3A%22help%20wanted%22) for new contributors
- Triage issue https://github.com/notaryproject/notation/issues/1226 (Yi)

### Notes
**Quick recap**

The Notary Project maintainers discussed the release of 2.0.0-alpha.1, proposed changes to meeting schedules, and explored the implementation of formatted output for the Notation CLI. They addressed the need for automatic output support, prioritizing stable commands and focusing on JSON format initially. Maintainers also shared issue lists for new contributors and discussed supporting the cozy hash envelope for blob code signature.

- Next steps
  - [x] Feynman to create an issue to discuss lowering the meeting cadence from weekly to bi-weekly.
  - [ ] Feynman to create a general guidance document for formatted output support in Notation CLI.
  - [ ] Feynman to update the project website and README with links to the "Good First Issues" and "Help Wanted" issue lists.
  - [ ] Patrick and Yi to discuss and work on the implementation of COSE hash envelope support for blob policy signatures (Issue #1226).
  - [ ] Patrick and Yi to update the Notary Project specification for COSE hash envelope support.

### Recording
https://youtube.com/live/n6saG6HIFQY

## Mar 10, 2025

### Attendees
- Dhseeh (Individual)
- Byron Chien (Amazon)
- Josh Polkinghorn (Amazon)
- Victor Lu (Individual)
- Sunil Ravipati (Individual)
- Patrick Zheng (Microsoft)
- Shiwei Zhang (Microsoft)
- Feynman Zhou (Microsoft)
- Patrick Zheng (Microsoft)
- Yi Zha (Microsoft)

### Agenda Items
- Triage GitHub issues in v2.0.0-alpha milestone (Feynman Zhou)
- v1.4.0-alpha release for blob signing (Yi)

### Notes
- Notary Project maintainers triaged all open GitHub issues in the [v2.0.0-alpha.1 milestone](https://github.com/notaryproject/notation/milestone/23). Maintainers will re-visit the release timeline by EoW.
- Notary Project maintainers will cut v2.0.0-alpha.1 first and decide whether we need v1.4.0-alpha.1 later on.

### Recording
https://www.youtube.com/live/5fkp91A2IWU?si=v6vyuxd-z8wWm5ba

## Mar 3, 2025

Skipped due to no agenda

## Feb 24, 2025

### Attendees
- Yi Zha (Microsoft)
- Josh Polkinghorn (Amazon)
- Patrick Zheng (Microsoft)
- Shiwei Zhang (Microsoft)
- Feynman Zhou (Microsoft)
- Patrick Zheng (Microsoft)
- Toddy Mladenov (Microsoft)

### Agenda Items
- Discussion of the [Blob signing proposal](https://github.com/notaryproject/notation/pull/1180) and release plan (Yi)
  - v1.4.0 alpha --> beta --> stable
  - The scope of alpha
    - Scenario 1 in the proposal
- [Proposal for archiving the roadmap repository](https://github.com/notaryproject/.github/issues/77) (Feynman)
- [Notation Enhancement Proposal Template](https://github.com/notaryproject/notation/pull/1174#discussion_r1962848354) (Feynman)
- Vote on the community meeting schedules (Feynman)

### Notes
- Notary Project maintainers agreed to plan a v1.4.0 release. This release might be backported from v2.0.0-alpha. This release will focus on the [Scenario 1: Blob signing and verification with file-based distribution](https://github.com/notaryproject/notation/pull/1180/files#diff-ef897069f6e2e10247637c806502298c0869276cea184bb89b5eae6af6ad2c40R15). The [Scenario 2: Blob signing and verification with registry-based distribution](https://github.com/notaryproject/notation/pull/1180/files#diff-ef897069f6e2e10247637c806502298c0869276cea184bb89b5eae6af6ad2c40R21) will be re-visited and designed in the next iteration.
- [Proposal for archiving the roadmap repository](https://github.com/notaryproject/.github/issues/77)
  - Notary Project governance maintainers and org maintainers are supposed to vote on it
- Notary Project maintainers agreed to move the [Notation Enhancement Proposal Template](https://github.com/notaryproject/notation/pull/1174) to .github repository. It should be a part of the contribution process and applicable to all sub-projects of Notary Project.
- Feynman will create a Doodle Poll to request community folks to vote on the community meeting schedules

### Recording
https://www.youtube.com/live/pB7ylytsB3g?si=4puhF5PAvRRuXo52

## Feb 10, 2025

### Attendees:
- Josh Polkinghorn (Amazon)
- Patrick Zheng (Microsoft)
- Shiwei Zhang (Microsoft)
- Feynman Zhou (Microsoft)
- Patrick Zheng (Microsoft)

### Agenda Items:
- Discuss the scope and release plan of Notation v1.4.0 and Notation v2.0.0
- [PoC of blob signing and verification](https://github.com/Two-Hearts/notation/releases/tag/v2.0.0-blobregistry)
  - What's the difference between a blob file in OCI registry and an OCI artifact? Why do we propose `--reference` in `notation blob verify`?
  - Should we consider `notation push` to enable push/attach a signature to the registry?
  - Potential UX enhancement
- Explore and brainstorm OSS signing scenario
  - https://github.com/notaryproject/notation/discussions/1161
  - https://staging.augmentedmind.de/2025/02/08/docker-image-signing-with-notation/

### Notes:
- Notary Project triaged issues in [v2.0.0-alpha milestone](https://github.com/notaryproject/notation/milestone/23). The major enhancements will be blob signing & verification, OCI Spec v1.1 support, formatted output support, and diagnostic experience enhancement.
- Notary Project maintainers agreed to release Notation v2.0.0-alpha.1 by end of March, 2025. It is planned to be demonstrated at KubeCon EU in early April.
- Another two topics will be moved to the next community meeting. Notary Project maintainers will demonstrate the PoC of blob signing & verification

### Recording:
https://youtube.com/live/hvfXzpw0wi4

## Jan 13, 2025

### Attendees:
- Pritesh Bandi (Amazon)
- Patrick Zheng (Microsoft)
- Shiwei Zhang (Microsoft)
- Feynman Zhou (Microsoft)
- Josh (Amazon)
- Yi Zha (Microsoft)
- Toddy Mladenov (Microsoft)
- Sajay Antony (Microsoft)

### Agenda Items:
- Timeline of publishing the security audit report and blog post
- Release v1.3.0 check-in
- Review and determine the scope of the [v1.4.0 milestone](https://github.com/notaryproject/notation/milestone/25)

### Notes:
- Pritesh proposed to adjust the PR merging criteria by removing the rule of requiring at least 2 approvals from different orgs
- Welcome Josh from AWS joining the community
- The security audit report and blog post are planned to be published by Jan 17, 2025. @yizha1 will work with audit team to get them published this week
- Notary Project maintainers aligned to release v1.3.0 within around a week since it will include the security vulnerability fixes from the security audit report.
- Notary Project maintainers agreed to focus on blob signing and Delta CRL support in the [v1.4.0 milestone](https://github.com/notaryproject/notation/milestone/25). Other issues have been moved to v2.0 due to limited resources.

### Recording:
https://www.youtube.com/live/O_ZvfqfOQ6g?si=sqo5j3mDnGVDaHXl

## Jan 6, 2025

### Attendees
- Pritesh Bandi (Amazon)
- Patrick Zheng (Microsoft)
- Shiwei Zhang (Microsoft)
- Feynman Zhou (Microsoft)
- Vani Rao (AWS)
- Yi Zha (Microsoft)
- Toddy Mladenov (Microsoft)
- Sajay Antony (Microsoft)

### Agenda Items
- Security Audit and Notation v1.3.0 status check-in (Yi)
- KubeCon updates (Yi)
- Triage issues

### Notes
- Security Audit report will be published next week. We will need to publish two security advisories this week ASAP. @pritesh
- Give one additional week (this week) for testing as last week is still within holiday season
- Notary Project maintainer tracker session was accepted for KubeCon EU 2024
- Yi shared the start of engagement with in-toto community.
- Need to create an issue to track how to make the commit signing guideline more visible, especially provide a guideline for users in the PR once they fail to sign their commits.

### Recording
- https://www.youtube.com/watch?v=Bp6BNbWmK9U

## Archived meeting notes

See https://github.com/notaryproject/meeting-notes for archived meeting notes
