Hyperledger TOC documents
Home Page: https://toc.hyperledger.org/
License: Creative Commons Attribution 4.0 International
This repo consists of documentation and is licensed under Creative Commons Attribution 4.0 International (CC-BY-4.0), a copy of which can be found in the LICENSE file.
A rendered version of this website is probably what you want to see.
Please add Hyperledger AnonCreds so that it shows up here: https://insights.lfx.linuxfoundation.org/projects/hyperledger-f/dashboard;quicktime=time_filter_3Y
Should have just the 3 repos initially.
Thanks!
In the first meeting of the 2023 TOC, one of the goals specified was to create documentation standards.
The main goal of this task force is to document standards for new projects to use for creating their documentation.
TBD
Bobbi Muscara
Document the process for how someone would create a task force using information from the following decision log items:
At the January 19, 2023 TOC meeting, @lehors presented an overview of OpenSSF. One of the low hanging fruit that Hyperledger might implement to improve security is the use of SigStore for artifact signing.
This task force will be focused on developing best practices and tooling for using SigStore for artifact signing.
TBD
Arun S M
With the new lifecycle simplification,
Projects that have been in the Dormant state for a period of 6 months will be automatically archived.
Transact was moved to a Dormant state on May 4, 2023 via #98
The Cacti maintainers are proposing a state change from Incubation to Graduated.
There is a set of slides that @VRamakrishna is working on which will be part of our proposal for graduation.
Once the slides are available (and shared here) we'll request the TOC members to provide feedback on potentially missing/lacking aspects of the project so that we can address those prior to a vote which can hopefully happen during the TOC meeting of 2023 September 21, Thursday.
Any other feedback is also welcome in the meantime of course.
cc: @tkuhrt @arsulegai
In the first meeting of the 2023 TOC, @denyeart suggested we look at creating best practices for projects
Document/Gather best practices for projects in a single location.
May 2023.
Dave Enyeart
The Security Task force provided recommendations to the 2022 TSC. One of those recommendations had to do with vulnerability disclosures.
Responsible vulnerability disclosure process does not exist. (Reference: https://github.com/ossf/wg-vulnerability-disclosures)
- Have project designated contact points as security mavens, helps in auditing.
- Audits serves as a way to prove that the project took right measures against a potential risk.
- CVEs will be published in open at the end of 90 days, unless requested for an extension explicitly.
During the discussions with the 2022 TSC, there was concern about mandating vulnerability
disclosure within 90 days.
Of note, Hyperledger documents a responsible disclosure policy in Security Team Policies as:
Responsible Disclosure
- 48 hours to respond to reporter acknowledging the report.
- 1 week to triage, report, and coordinate with the affected project maintainers to plan the fix of the bug.
- 90 days to fix and release a fix or disclose the security bug.
- Any "critical" errors shall be assigned a CVE number and disclosed through the formal CVE system.
Given this discrepancy in what is documented and what is understood, it seems that we need to revisit this to ensure that all Hyperledger projects understand their responsibilities when it comes to vulnerability disclosure and that we follow consistent practices across the different Hyperledger projects.
Other resources:
Revisit the responsible disclosure documented policy and update the default template for vulnerability disclosure processes for Hyperledger projects to ensure visibility and consistency across Hyperledger projects.
TBD
Arun S M
Introduction/background material:
Various government and public agencies have experimented with using Blockchain as part of their technology stack while conducting elections from a fair and transparent perspective. The idea behind this task force would be
Task to be completed:
List of deliverables or work products:
Whitepaper
Time to complete (no more than 6 months): 6 Months
Leader: Vikram Sharma
Initial participant list
Amol Kulkarni
Kamlesh Nagware
Aruna S M
Madhu Bhatia,
Rajesh Krishnan, Sr Architect, Dell
Sunil Kapadia
Samrat Kishor
Anant Avinashi
Ishan Roy, Head Tamil Nadu eGovernance
Sowjanya Segu,
Anil Dongre, Sr Architect, Persistent
Aniket Dhar,
Dhyan Appachu Bollachettira, Founder, Shambala
Pritam Singh
Ranjeet Singh
Shivendra Yadav
Ravi Shankar Gupta
Sandeep Srivastava
TSC Quarterly Project Updates are a way for the TSC to understand the state and community health of Hyperledger projects. The TSC Vice Chair reaches out to projects when they miss submitting their TSC Quarterly Project Update to remind the projects that they have a report due. The following are the reach out mechanisms that are used:
If the TSC Vice Chair is unable to reach someone in the project and an entire quarter has gone by since the report was due, then the TSC will discuss and determine if there should be a vote on moving that project to a Dormant state.
Today's Hyperledger Project Lifecycle, represents a lifecycle in which projects only move forward through the different stages. In past TOCs, we have talked about whether this should change and whether we should instead represent the state of a project with some form of badging to allow people to be able to quickly determine the health and status of a project. In addition, the Governing Board has requested that we take another look at how best to represent the current status of project's within Hyperledger. There are a couple of different options that this task force might consider:
Background Material:
Determine how to update the project lifecycle and whether that will involve the introduction of badging.
TBD
Rama
Venkatraman Ramakrishna (Rama)
Bobbi Muscara
cc: @hyperledger/grid-contributors
See hyperledger-archives/ursa#233
No major updates have occurred in almost 2 years. There are two major security vulnerabilities against ursa that the maintainers do not have to time to fix and the code is very outdated which is part of the time to fix.
The current maintainers recommend EOL for Ursa.
Approved by voice vote 02 JUN 2022
This issue tracks the discussions and the work for project health indicator data.
As part of the TSC meeting on 1/6/2022, the policy around project quarterly reports was brought up. As part of the discussions, collecting data to accurately reflect a project's health came up.
A proposal to pre-populate the project quarterly report template with project health data was made. This will help project teams to not be stressed about filling out the reports because each report already comes with useful data. Equally important, this gives the TSC members a standard set of data dimensions to review in order to properly evaluate the health of each project.
Currently, for Hyperledger project, the following sources of data are available:
What can be done to allow project health data to be accurately identified and properly captured?
Insights currently doesn't offer stable APIs that can be used outside of the Insights' own dashboard UI. Having stable APIs would allow the information to be embedded in other places such as TSC wiki during review meetings.
It's important to capture point-in-time snapshots for the quarterly reports, or other places where such information is used, such as the Learning Materials Development Working Group.
This requirements for snapshots can be accomplished via one of the following ways:
Are there other data sources that can be useful to load into Insights?
The following bullets capture the summary from the ongoing discussions.
@compleatang has stated Monax can provide no further development effort for Burrow
Background:
One thing that could possibly benefit the TSC (and Hyperledger as a whole) is more awareness of and interaction with different projects. This could spur more cross-project collaboration, less fragmentation between projects, and, in general, more project happiness with the TSC.
Proposal:
The TSC collectively requests that each TSC member attend one project meeting a month for a project with which they are unaffiliated and have not been a contributor (and, ideally, one that they have not attended before). Whether people want to introduce themselves and participate or just listen wouldn't matter too much: just attendance would be great.
On the TSC wiki, a page will be created to keep track of meeting attendance in some kind of spreadsheet (either public, if people are OK with it, or private to the TSC) with the main purpose being that TSC members know which meetings other members have attended so that TSC members can stagger their attendance across many project meetings. This is because this initiative will be much more effective if TSC members attend many different meetings rather than all attending, say, a meeting of what is perceived to be a currently popular project.
We also propose to include SIGs and working groups as possible options for TSC members to attend. Finally, if non-TSC maintainers wish to be included, we propose to include them as well.
The time commitment--one meeting a month--should be pretty small, and the hope is that going to these meetings would be very informative for TSC members, and an opportunity for projects who aren't strongly connected to the TSC to ask questions about HL as a whole if they want.
We also propose that TSC members be invited (but not required) to report back during TSC meetings about anything they found interesting, noteworthy, or that needs addressing in some sort of brief discussion. We also suggest that TSC members that adhere to this schedule be rewarded with food and/or drink by the HL staff at the next in-person event.
The FireFly Community would like to propose moving from Incubating Project status to Graduated Project status. I will open a PR against https://github.com/hyperledger/hyperledger-hip with the details of our proposal, and I will link it back to this issue. I am happy to discuss any questions or feedback that the TOC has on that PR, or to chat about it on a call if desired.
If possible, we would love to discuss this topic and hold a vote at the next TOC meeting on 2023-09-21. We are working toward having maintainers from each of the different companies represented in the project present for discussion that day.
Thanks!
Nicko
In the first meeting of the 2023 TOC, @swcurran suggested we look at creating best practices for automated pipelines
Document the best practices for how to produce and publish artifacts
TBD
Detailed proposal can be found here https://wiki.hyperledger.org/display/TSC/DCI+Working+Group%3A+Inclusive+Naming+Proposal
The scope of this discussion is captured at cncf/foundation#617.
The issue at hand pertains to discussing whether there is an impact on the Hyperledger Foundation. Many of the projects under the Hyperledger Foundation have the aforementioned dependencies. These projects will be affected by this license change, with the impact extending to the production of build artifacts. Determining whether these builds would be utilized for production deployments poses a challenge. It is not in the best interest of the TOC/Hyperledger Foundation to require users to purchase a commercial license for the utilization of these build artifacts.
With the most recent update to the Hyperledger Charter, "Supported Projects" were introduced.
The scope of the Hyperledger Foundation includes supporting various open technical projects (including open source software, open standards / specifications, open data and other open projects, collectively, “Technical Projects”).Technical Projects can either be overseen by (i) the Technical Oversight Committee of the Hyperledger Foundation (such Technical Projects, “TOC Projects”), or (ii) separate technical oversight pursuant to a technical charter specific to such Technical Project (such Technical Projects, “Supported Projects”).
As such, the TOC needs to better understand the impact to the TOC Governing Documents, specifically, the project proposal process, project lifecycle, and any other places where "Supported Projects" might need to be reflected.
Update Hyperledger governing documents and other places that need to handle "Supported Projects".
TBD
TBD
git-blameWhen new people join the Hyperledger community, it can sometimes be hard to know where and how to participate and become active. Hyperledger has a few resources to attempt to help people know where they might provide their energies, including:
CONTRIBUTING.mdHowever, we still hear from people that they do not know how to get involved.
This task force will focus on a set of specific audiences and develop onboarding content for each of them.
Create onboarding content for
TBD
Bobbi Muscara
As we are moving project reports and other items from the Wiki, we should consider whether it makes sense to have all TOC operations in the same location. This will ensure that the meeting minutes are not lost if we migrate from Confluence in the future.
There is a broken link in this mentorship page :
Discussions:
If a project does not have a retirement policy, a default policy of from three to six months of inactivity will result in moving a maintainer to emeritus status
The Hyperledger Transact codebase is now maintained as part of Hyperledger Sawtooth's lib repository which you can find here: https://github.com/hyperledger/sawtooth-lib. As such, the maintainer's have requested that the project be moved to a Dormant state while the transition occurs and eventually be moved to EOL state.
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google ❤️ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.