...
- Quantifying contributions to the WG should highlight that the amount of contribution is pretty sparse
- The estimate in the report is pretty generous
- Tom: Keeping it is a fine resolution (if nobody else objects to it being 3 FTE)
- Promoted fewer Gems than we deprecated
- Compatibility Reports
- Formatting?
- Placing the tables on their own pages
- We should add Rails 6 support as a Dev Congress topic
- Supporting Rails releases for certain components might be blocked upstream by Blacklight
- Why does ldp test against Rails?
- If this is an unacceptable state, then we need to be tracking the Rails release 4-5 months ahead of each stable release
- Hyrax is hopefully weeks away from a Rails 5.2 compliant release
- Release Report
- There is now unreleased code
- Components without new releases typically don't require anything additional
- Security
- GitHub offers a policy tab
- This should be configured
- Alerting WG to security issues
- We should encourage community members to contact us
- Policy
- Samvera as a whole has a policy for security issues
- Wiki: Report a security vulnerability
- E-Mail Samvera Steering
- There is also a longer document...there is communication earlier first
- Then, there is a delay before the public is made aware of this
- There is also: /wiki/spaces/samvera/pages/408722317
- This should be public, and we should only publish these after they have been fixed
- This WG should ensure that security vulnerabilities should be reported directly to Steering and coordinated
- We will communicate with Steering and assure them that we will notify them
- This might be an item for the next phase of this WG