Home
Contribute Contact Us Browse all meetings
Home Contribute Contact Us Browse all meetings
Brigade / Community / 29 Mar 2022
Brigade / Community / 29 Mar 2022
Previous Meeting Next Meeting
Add meeting Rate page Subscribe
youtube image
From YouTube: Brigade Community Meeting -- 2022-03-29

Description

A recording of the Brigade Community Meeting on 2022-03-29

A

Hello brigadiers and welcome to the march 29th 2022 occurrence of the brigade community meeting uh in a first today we actually have no attendees, I'm going to record a brief update on the project anyway and post this to youtube later, as I do with all of the meetings, even when they do have attendees.

A

um I I think our lack of attendance today is probably due to um I'm aware of a few maintainers who messaged me and said they couldn't make it. Some of them are actually up in the air right now, um and uh also for those who aren't aware. um Alternating occurrences of this meeting happen at different times. uh What we're trying to do is accommodate both people in u.s time zones and in other international time zones, particularly brazil um and australia.

A

um So this is the uh occurrence uh for the month of march, that is meant to accommodate people in the u.s, and that is uh mostly maintainers who, as I said, have have some conflicts so I'll share my screen and we'll quickly go over the very short agenda that we had for today.

A

So here we go I'll bump up the size of this text, a little bit, um as I said short agenda for today, quick update on uh the community, um we're continuing to see new contributors arrive, which has been fantastic. The more the merrier and we've been seeing.

A

Some really good work, really good contributions from new people who are showing up mostly on the dashboard, but we also do have a few others who have shown up and made contributions to brigade itself, which has been absolutely fantastic, we're finding our work is increasingly community driven, which is a good thing. It does make it a little harder to predict timelines on things that we want to do, and it does make things a little bit more chaotic, but that's okay.

A

This is a good problem to have, having everything being a little bit more community driven, so hopefully we're developing what the community wants instead of what we think they want.

A

Also, the community is beginning to take up a larger percentage of the small issues which we really appreciate. That's awesome, um quick update. On google's summer of code, we did submit three different project ideas to the cncf, who in turn goes through some process, which I'm not really. I don't have a lot of insight into what that process is. I don't necessarily believe that all the ideas that we submitted um make the cut, so I will try to find out more information about that, because I've got a lot of people um asking me about this.

A

There have been a lot of people, a lot of new contributors who have expressed interest in working with us for uh gsoc and I'm sorry. I don't have great answers for most of those people right now, but I will talk to somebody at cncf and find out what I can about um timelines and and uh when we can expect to know whether the ideas we submitted are actually becoming uh formal, gsoc uh projects or not.

A

uh Last time we met. I talked about the get basics for brigade contributors video. um We had noticed that a lot of new contributors were also new to get a lot of our new contributors are students or early in career, um and so some of the things that we, you know are a little bit anal on with this project, things that we really insist on like having uh signed, commits and verified commits, or that is to say, commits that are gpg signed.

A

um You know, that's not necessarily an easy thing for everybody to do if they're not super familiar with git or not super familiar with the gpg suite. So we did put out a video to help people through that it received positive feedback from a few new contributors who were helped by it.

A

It received positive feedback from the maintainers of other projects who want to make use of the video, and it's even been suggested that we could um genericize it and uh promote it as a helpful resource for people contributing to any and all uh cncf projects. um So the video was previously public but unlisted.

A

I listed it as of today um based on the the positive feedback that was received, so it's out there for anybody to easily find and view now um just a quick update on our security posture, um most of the last two weeks and perhaps even prior to that we're consumed with security related issues.

A

um We are very concerned about the security of the software supply chain and we want to take all steps that that we are able to take in order to make sure that the software that we are putting out there into the world is as secure as possible.

A

So some of the things that we've started doing over the past few weeks, we now scan images as part of our ci process, so any image we build, we scan it. If any vulnerabilities are found, it doesn't automatically fail the build, but it does surface to us for uh informational purposes. So we're trying to take baby steps towards better software supply chain security here, um so the the idea is, is not necessarily that a vulnerability stops us from moving forward.

A

But it's it's just uh it's just an fyi. At this point, we want to know about vulnerabilities that exist and we want to be transparent about those now. That being said, we have used information that we've gleaned from those scans to go and address specific issues and further reduce the vulnerability. So this is information that we are acting on as we become aware of it also as part of our release process. Now we sign images and we also produce s-bombs.

A

Those are software bills of material for those who aren't familiar and we publish those to the github releases page as part of each release and just to fully vet that process. We, as of today, have uh cut release candidates of every peripheral and a new release of brigade itself is also pending.

A

So when we see that this process is working out nicely across the board, we will cut actual releases of of everything.

A

um We are going to be releasing a use case survey shortly that we would like community members who are using brigade to fill out help give us a little more insight into how brigade is being used or perhaps into how you would like to use brigade if it isn't currently addressing your needs.

A

We want to hear about it. um Karen is running point on that. I did see the survey that she created and it looks good to me, but I don't believe it's been disseminated to anybody yet um just a few other items that are still pending brigade in five minutes episode, three has still not been released. um That's due mostly um to the security work over the past two weeks that took precedence and then also illness. On my part, you may be able to hear that I don't sound right today.

A

I've got a sinus infection that I'm recovering from, um so I will again try to prioritize this over the coming weeks. I know I've been promising this episode 3 for some time, and I really hope to get it done before we meet again.

A

Also google analytics work is still pending. We are collecting um all the analytics, but we don't really have all of the right filters in place and everything yet to generate useful reports from those analytics. So that also is something that we've got to uh get done sooner rather than later. um Also uh george has promised a blog post about the cron uh event source, which went ga two three weeks ago.

A

I think- um and uh that also has been delayed due to illness, but I believe he said he's um back to coding today, and uh the blog post was one of his top priorities, so we should have a post about that soon.

A

So that's all that we've got for today, since uh we don't have uh anybody else in attendance. We obviously are not going to open the floor to um discussion of other items, but uh hopefully we see uh more people uh two weeks from now when we have the uh the occurrence of the meeting that is uh scheduled for the convenience of of international contributors and community members. So thank you everybody for your time. If you have gone to youtube and watched this video and we'll see you in two weeks, bye.

A

You.