...

Find your local number: https://zoom.us/u/abscayLpz


...

Meeting Agenda/Minutes

Sept 21, 2020:  Adopter Series Requirements Summary

Aug 20, 2020:  Meeting Minutes; Meeting Recording

July 20, 2020: Meeting Minutes; Meeting Recording

June 30, 2020 (extra meeting to address growing number of issues): Meeting Minutes; Meeting Recording

...

Nov 18: Meeting Minutes; Meeting Recording

Open Topics

  • How far down in the review of a module/library does the vetting project go?  Do we vet the use of the use of the use, etc. of a library?
    • What are the criteria of acceptance of a module/library (license, usage, versioned, security concerns, etc.)?
    • Is it OK to accept a module/library that meets the criteria but could be smaller if we just did it ourselves (i.e., is accepting a library with imports 5 layers deep OK)?  How would we define / stipulate this as a criterion?
    • James Gregg and Tony Espy to create short list of evaluation criteria based on James's list in https://github.com/jamesrgregg/1947-explore
    • Jim White to use the evaluation list to review the 30+ library/module imports of edgex-go that are dynamically versioned (have no version number tag - example is bitbucket.org/bertimus9/systemstat v0.0.0-20180207000608-0eeff89b0690)
    • With the revised criteria list and module/library report, re-evaluate this at the next meeting.

...

  • Security WG - high priority review of ADR for bootstrapping in OCI containers requested.
    • Architects asked to review prior to next Architects’ meeting (Sep 21)
    • Bryon to cover highlights at that meeting
  • Per the Hanoi planning conference - we need to better define "bound checking" so that a design (and eventual implementation) can be brought forth to meet the requirements
    • Currently considering limiting the number of operations that can be performed on a service (like a device service) over a period of time, or setting a maximum request size (unbounded request sizes lend themselves to DoS attacks)
    • Can the solution be more globally applied?
  • Is the Wiki the best place to document project decisions (those outside of or smaller than ADRs)?  This was our initial take.  Should we revisit?

On Hold Topics or Pending Research

...

  • How should we apply semantic versioning to modules?  When do we update the minor and major versions of modules?  (comes from the Hanoi planning meetings)
    • Decision was to release (and tag) them with each EdgeX release (major)
    • Enforce backward compatibility within a major release
    • Scope this work for Ireland as it will impact DevOps (Jim to get with Ernesto)
  • How do we review and remove old artifacts (Docker images in Docker Hub, snaps, etc.)?
    • Decision made to tag "latest" dot release with X.Y tagging and use X.Y in Docker Compose files (see minutes from 8/20).
    • Open discussion still around what to do with old (very old) images.
      • Let’s check what other projects are doing in this case (Kong, Consul, Vault, …).
      • Also consult with community and adopters; what do they expect from us? Accenture, ThunderSoft, …

      • Jim to take this research and poll of adopters

  • PR Template for conventional commits is now in place for all repositories for all PRs but without TSC approval.  It doesn’t appear to be causing any problems. We need to finalize the shape of this and have the TSC officially approve the template.
    • Extract of Device Service requirements to ADR legacy - what are all the pieces that need to be moved there?
    • Per the Hanoi planning conference - we need to better define "bound checking" so that a design (and eventual implementation) can be brought forth to meet the requirements
      • Currently considering limiting the number of operations that can be performed on a service (like a device service) over a period of time, or setting a maximum request size (unbounded request sizes lend themselves to DoS attacks)
      • Can the solution be more globally applied?
    • Design metadata about the “gateway” or host platform (identity, location, …)
    • How do we address module and component version release needs for examples (per Slack exchange with Luis Obando)?  go.mod in the examples helps - or at least some documentation on dependencies.
      • Could add scope in order to understand the domain of a PR (especially for edgex-go)
      • Mike and Tony to discuss before next TSC.
    • Is the order of events/readings being sent by a single device service important?  Are there async operations in any service that could change the order of events as they are sent from a DS to core to application services (with REST, 0MQ or MQTT infrastructure)?  What do customers desire here?  Is maintained order important?  What is the current state of the system and can we diagram/document that?
      • Jim to do some research first.  Findings: there are places in DS, Core and Application Services where messages can get out of order.  If order is something that should be an option built in, it will require much work.
    • Incorporation of Vertical Solution WG adopter presentation feedback
      • Jim to collect and present after all 5 presentations
    • EdgeX UI - it is for dev/test right now.  Would we ever want to have a UI for production?  Under what constraints?
      • Being worked through Core WG
    • How should we deal with example code?  Example code for app services lives in holding.  Example code for Device Services lives in the device service SDK (although to some extent, device random and virtual are examples).  Security is about to create some example code for SSH tunneling.  Should all this be collected somewhere?  Should it live in GitHub or in the docs (or on the Wiki or other location)?  Should it be consolidated?  Is it managed code or is it "buyer beware" code?