Present: Florian, Frederik, Tristram, Peter, Loïc, Max,
- Stage 2:
  - OpenSSF:
    - Threshold of 5/10 (aggregate score).
    - Should be run once for the stage application. Most of the criteria won't change (except vulnerabilities).
    - The project can argue why OpenSSF has incorrectly scored certain criteria, in order to increase the score manually.
  - Security review:
    - Projects MUST have a process to find vulnerabilities and fix them automatically.
    - Projects MUST have a `SECURITY.md` file that explains how to report security issues.
    - Add both checks to the `stage2.md` application, stating which tool and process the project is using (Dependabot or other)...
  - Reuse
    - Max will add documentation on how it should be set up.
  - Open Communication
    - Ask for open roadmap and communication. The project can show why its communication is open (could be Matrix server / open issues and PR)...
    - The project practices should be evaluated by the TC.
- FOSDEM:
  - Max is not an organizer/admin (this will be checked with Peter)
- Board of directors:
  - Maybe a new project (about train localisation) could be presented? (Mathias, InfraBel)
  - We could have a new candidate from SNCF: (API for FRMCS)