###### tags: `Technical Committee` # Technical Committee Meetings 2026 [](https://hackmd.io/sL9z7MGwSCOGSCXeY27mFg) ## Quick links * [Logistics](#logistics) * [Agenda and Notes](#agenda-and-notes) * [2026-01-22 Meeting](#January-22-2026) * [2026-01-08 Meeting](#January-8-2026) ## Logistics * **When:** 13:00–14:00 CET, every even week on Thursdays * **Where:** [Microsoft Teams Meeting](https://teams.microsoft.com/l/meetup-join/19%3ameeting_NGJhNDNjMTktYmE2NC00MDYwLWE5NzgtMjNhYTM0YzgwODM0%40thread.v2/0?context=%7b%22Tid%22%3a%2278703d3c-b907-432f-b066-88f7af9ca3af%22%2c%22Oid%22%3a%22535d914b-36ac-466b-af0a-b637f03eed42%22%7d) * **Meeting Agenda and Minutes:** https://hackmd.io/sL9z7MGwSCOGSCXeY27mFg * **Community Repo:** https://github.com/eiffel-community/community ## Agenda and Notes Please do not update the meeting agenda and notes directly on GitHub and instead use the document on [HackMD.io](https://hackmd.io/sL9z7MGwSCOGSCXeY27mFg) in order to prevent notes getting out of sync. ### Next * Should we evaluate Eiffel against the [OpenSSF Security Scorecard](https://github.com/ossf/scorecard) and/or the [OpenSSF Best Practices](https://www.bestpractices.dev/en)? * Should we enable Code scanning for all repos. See https://github.com/eiffel-community/eiffel-remrem-publish/security/code-scanning for an example. * Set via https://github.com/eiffel-community/eiffel-remrem-publish/settings/security_analysis * Workflow example: https://github.com/eiffel-community/eiffel-remrem-publish/blob/master/.github/workflows/codeql.yml * We need to understand how code scanning works before we enable it globally. Do we need a workflow similar to the codeql.yml above for things to work or is it enough to just click Enable in the repo (or global) settings? * (2024-02-21): You can set it up globaly - https://docs.github.com/en/code-security/code-scanning/enabling-code-scanning/configuring-default-setup-for-code-scanning-at-scale#eligible-repositories-for-codeql-default-setup * When/if decided: Enable all code scanning, Dependabot, secret scanning etc globally from the organization and send email to the mailing list about this change. * [OpenPubkey](https://www.bastionzero.com/openpubkey) for public key distribution * How do we document the process for adding external repos to the community? * What responsiblities does the Community /TC have for external repos? * Should the TC enforce maintainer rules on external repos? * Should we take another look at [eventcatalog](https://www.eventcatalog.dev/), see also [example](https://app.eventcatalog.dev/visualiser/?type=all&name=AllEventsAndServices) * Was previously raised on [TC 2023-01-26](https://github.com/eiffel-community/community/blob/master/meetings/MEETINGS_TC_2023.md#agenda-and-notes-24) * Gap analysis - CDEvents vs Eiffel. To help CDEvents reach 1.0 we should provide our input on the gap * [JSON schema to validate PURLs](https://github.com/package-url/purl-spec/pull/514) * Demo of GitHub app (ETOS workflow) ### February 05, 2026 #### Participants * TC Attendees * Magnus Bäck * Mattias Linnér #### Agenda and Notes * Rollcall (All) * We have quorum. * Agenda Bashing (All) * Action Item Review (All) * Follow up [the TC GitHub project board](https://github.com/orgs/eiffel-community/projects/3/views/4) * Follow up [the Eiffel protocol project board](https://github.com/orgs/eiffel-community/projects/6) * Updates from OpenTelemetry CI/CD WG (Magnus) * TC Elections * Community Meeting February 26 * Mattias on Vacation that week * Some people from the summit was not on the community list. Should we have some other additional means to find out about our the meetup? * How do we block spam from the mail list like [Feedback for Air Ducts and Vents Cleaning/Chimney Cleaning](https://groups.google.com/g/eiffel-community/c/_4x6XfKCCEM/m/8ax0ATRvAQAJ?utm_medium=email&utm_source=footer) - reporting it as spam does not help. * Info - Slack content will be removed >This is a notice that starting March 28th, 2026, messages and files older than one year will be deleted from your workspace if you remain on the free Slack plan. * PRs and issues #### Action Items * Magnus: Ask the security officers to try out the private vulnerability reporting feature. * All: Evaluate key repositories according to the OpenSSF criteria. * ?: Read up on static code analysis (see item in Next) and bring info to TC * Magnus: Look into why "Reply All" on Google Groups doesn't actually reply all. * Magnus: Check the proposed name of the source code tag event against the proposed new source change events to see if they're reasonably well aligned. If so we can move on with the tag event without waiting for the source change events. * Mattias: Create issue(s) for security vulnerabilities. * ~~Mattias: Update post-election checklist to cover this task.~~ * https://github.com/eiffel-community/community/pull/225 - Merged * Magnus: Create Google calendar for important events. ### January 22, 2026 #### Participants * TC Attendees * Magnus Bäck * Mattias Linnér #### Agenda and Notes * Rollcall (All) * We have quorum. * Agenda Bashing (All) * Approved. * Action Item Review (All) * Follow up [the TC GitHub project board](https://github.com/orgs/eiffel-community/projects/3/views/4) * Follow up [the Eiffel protocol project board](https://github.com/orgs/eiffel-community/projects/6) * Updates from OpenTelemetry CI/CD WG (Magnus) * No updates. * TC Elections * Fredrik Fristedt was appointed for another term as election officer, starting 2026-02-01 and ending 2027-01-31. * We'll ask him to prepare an election timeline and present it at the next TC meeting. * Who has the responsiblility to sync HackMD documents to GitHub? * Have we any need to document the process of linking and pushing or is the HackMD documentation enough? * Technical Commitee notes * Whoever takes the notes will push to HackMD upon completion. * Election process * Pushed to GitHub after the annual elections. * Action Mattias: Update post-election checklist to cover this task. * Do we need a calendar for the task to be done over the year or is that overthinking? * New technical meetings notes * Getting election officers * Starting summit discussions * Elections * Follow the post election checklist * Security officers * Action Magnus: Create Google calendar for important events * Eiffel summit 2026 * Too early to tell. * Where to put a new API for publishing events? * In a new, aptly named, repository. * PRs and issues #### Action Items * Magnus: Ask the security officers to try out the private vulnerability reporting feature. * All: Evaluate key repositories according to the OpenSSF criteria. * ?: Read up on static code analysis (see item in Next) and bring info to TC * Magnus: Look into why "Reply All" on Google Groups doesn't actually reply all. * Magnus: Check the proposed name of the source code tag event against the proposed new source change events to see if they're reasonably well aligned. If so we can move on with the tag event without waiting for the source change events. * Mattias: Create issue(s) for security vulnerabilities. * ~~Mattias: Send directed email to people who during the summit expressed interest in the new kind of community meetings.~~ * ~~Sent: 2026-01-08~~ * Mattias: Update post-election checklist to cover this task. * https://github.com/eiffel-community/community/pull/225 * Magnus: Create Google calendar for important events. ### January 8, 2026 #### Participants * TC Attendees * Magnus Bäck * Mattias Linnér #### Agenda and Notes * Rollcall (All) * We have quorum. * Agenda Bashing (All) * Approved. * Action Item Review (All) * Follow up [the TC GitHub project board](https://github.com/orgs/eiffel-community/projects/3/views/4) * Follow up [the Eiffel protocol project board](https://github.com/orgs/eiffel-community/projects/6) * Updates from OpenTelemetry CI/CD WG (Magnus) * No updates. * Remind people about next community meeting on Jan 29. * Action Mattias: Send directed email to people who during the summit expressed interest in the new kind of community meetings. * Eiffel summit 2026 * Hosting * Any new approaches? E.g. invite external speakers. * PRs and issues #### Action Items * Magnus: Ask the security officers to try out the private vulnerability reporting feature. * All: Evaluate key repositories according to the OpenSSF criteria. * ?: Read up on static code analysis (see item in Next) and bring info to TC * Magnus: Look into why "Reply All" on Google Groups doesn't actually reply all. * Magnus: Check the proposed name of the source code tag event against the proposed new source change events to see if they're reasonably well aligned. If so we can move on with the tag event without waiting for the source change events. * Mattias: Create issue(s) for security vulnerabilities. * Mattias: Send directed email to people who during the summit expressed interest in the new kind of community meetings. ### January 8, 2026 #### Participants * TC Attendees * Magnus Bäck * Mattias Linnér #### Agenda and Notes * Rollcall (All) * We have quorum. * Agenda Bashing (All) * Approved. * Action Item Review (All) * Follow up [the TC GitHub project board](https://github.com/orgs/eiffel-community/projects/3/views/4) * Follow up [the Eiffel protocol project board](https://github.com/orgs/eiffel-community/projects/6) * Updates from OpenTelemetry CI/CD WG (Magnus) * No updates. * Remind people about next community meeting on Jan 29. * Action Mattias: Send directed email to people who during the summit expressed interest in the new kind of community meetings. * Eiffel summit 2026 * Hosting * Any new approaches? E.g. invite external speakers. * PRs and issues #### Action Items * Magnus: Ask the security officers to try out the private vulnerability reporting feature. * All: Evaluate key repositories according to the OpenSSF criteria. * ?: Read up on static code analysis (see item in Next) and bring info to TC * Magnus: Look into why "Reply All" on Google Groups doesn't actually reply all. * Magnus: Check the proposed name of the source code tag event against the proposed new source change events to see if they're reasonably well aligned. If so we can move on with the tag event without waiting for the source change events. * Mattias: Create issue(s) for security vulnerabilities. * Mattias: Send directed email to people who during the summit expressed interest in the new kind of community meetings.