June 24th, 2024 Community Meeting

[qu1queee]

• Please add a topic in this thread and add a link to the GitHub issue associated with the topic.
• Please make sure you give folks enough time to review/discuss the topic offline on GitHub before coming into the meeting
• (optional) Paste the image of an animal 😸

[avinal]

• https://github.com/shipwright-io/build/issues/1042
  • Line length
  • Consistency across documentation
  • Headers and front matter
• https://github.com/shipwright-io/community/issues/209#issuecomment-2158419106
  • more improvement
  • labeling and custom release notes

[adambkaplan]

Update: SHIP-0039 now marked "Implementable": https://github.com/shipwright-io/community/pull/205

[adambkaplan]

SBOM and SLSA for Shipwright

[adambkaplan]

LFX Insights

[adambkaplan]

Syncing mailing lists and calendar invites

[adambkaplan]

• @avinal Build docs update
  • Scope is markdown docs, not go code.
  • Docs syncing from code has proved hard in practice, leads to poor content experience.
  • @ayushsatyam146 recommended Docusaurus.
  • Conclusion: keep build docs in-tree to lower contributor barriers, but break link to website. Content on website should be updated separately.
• CVE dependency bumps: @avinal will recommend a label that we should apply to Dependabot PRs that fix CVEs. Maintainers need to check that a dependabot PR fixes a security issue before adding /approve or /lgtm.
• @adambkaplan SHIP-0039: final call for review, needs lgtm.
• @qu1queee LFX insights - will present next week on the dashboard, what we can do with the data.
• Manesh: he an @qu1queee investigating how to get Shipwright images to SLSA 3. Drafted SHIP #212 for review. @adambkaplan proposed for future (based on CNCF timeline on sandbox application): provisioning a k8s cluster to dogfood Shipwright and Tekton, with Chains enabled.
• Syncing mailing list w/ calendar: @adambkaplan to reach out to Red Hat OSPO on how to improve, potentially move to Google Groups.