Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


  • Explore how we can inform people of architectural decisions (especially the small ones vs ones done via ADR).  Can we tag items in the project boards?  If so, which ones and how?  (comes from the Hanoi planning meetings)
  • How should we apply semantic versioning to modules?  When do we update the minor and major versions of modules?  (comes from the Hanoi planning meetings)
  • PR Template for conventional commits is now in place for all repositories for all PRs but without TSC approval.  It doesn’t appear to be affecting any problem. We need to finalize the shape of this and officially approve the template by the TSC.
  • Extract of Device Service requirements to ADR legacy - what are all the pieces that need to be moved there?
  • Explore process and procedures for vetting 3rd party packages.  This initially came out of the security working group as a need to vet 3rd party packages for security issues (see #1947).  The community now has a larger interest in exploring it from a license perspective, size/performance impact, better alternative, as well as a security vetting.  James Gregg has done research to explore options.  James will lead the initial discussion (see
  • Per the Hanoi planning conference - we need to better define "bound checking" so that a design (and eventual implementation) can be brought forth to meet the requirements
    • Currently considering limiting the number of operations that can be performed on a service (like a device service) over a period of time or setting the max request size (that lends to DoS attacks)
    • Can the solution be more globally applied?
  • Design metadata about the “gateway” or host platform (identity, location, …)