1. Attendence
- Jeremy Mitchell
- Zach Hoffman
- Justin Howard
- Srijeet Chatterjee
- Ashish Paudyal
- Eric Holguin
- Stephen Hamrick
- Taylor Frey
2. With 6.1.0 released should we start planning for the April 1st
release? Should that be 6.2.0 or 7.0.0?
- If we make TO API v4.0 stable and remove 2.0 it needs to be 7.0.0
- APIv4 will have been unstable for roughly 6 months
3. Java 17 support in Traffic Router?
- Should represent performance benefits
- Upgrade impact currently unknown
- An issue will be opened
4. Go 1.18 is late
- 10 remaining release blockers
5. ML: CVE-2022-23206: Apache Traffic Control: Server-Side Request
Forgery in Traffic Ops endpoint POST /user/login/oauth
- We should consider joining that program that compensates bug finders
6. ML: Google Summer of Code 2022
- Could work on TPv2
- Developer "CDN-in-a-Box" should help with contributions to other
components
7. Should blueprints be required?
- How big is "too big to not have a blueprint"?
- How do we ensure the blueprint process doesn't slow down development?
- Jeremy (paraphrased): While stopping for discussion
inherently causes a slow-down, but the contentions had would surface
eventually, so by paying that cost up-front it's actually faster in
the long-term to use a blueprint to hash these things out
8. 19 tech debt issues are missing impact labels
- #3350 - Added "medium impact" label
- #3346 - No action
- Issue will be opened to track the removal of Riak as a
supported TV back-end
- #3343 - Added "medium effort" and "low impact" labels
- #3340 - Added "medium impact" and "low effort" labels
- #3338 - Closed as complete
- #3288 - Added "medium impact" label
On Tue, Feb 8, 2022 at 9:17 AM Zach Hoffman <[email protected]> wrote:
>
> Consider discussing:
> - Java 17 support in TR?
> - Go 1.18 is late
>
> Active mailing list threads:
> - CVE-2022-23206: Apache Traffic Control: Server-Side Request Forgery
> in Traffic Ops endpoint POST /user/login/oauth
> <https://lists.apache.org/[email protected]>
> - Google Summer of Code 2022
> <https://lists.apache.org/thread/9vd6bkx6bnmtvqpc19boyv3mngwl5sbm>
>
> On Tue, Feb 8, 2022 at 9:15 AM Jeremy Mitchell <[email protected]> wrote:
> >
> > We have 19 tech debt issue with no indication of the impact associated with
> > each:
> > https://github.com/apache/trafficcontrol/issues?q=is%3Aopen+is%3Aissue+label%3A%22tech+debt%22++-label%3A%22high+impact%22+-label%3A%22medium+impact%22+-label%3A%22low+impact%22
> >
> > Maybe we can add high, med, low impact as a team to each.
> >
> > On Tue, Feb 8, 2022 at 9:11 AM Jeremy Mitchell <[email protected]>
> > wrote:
> >
> > > Now that 6.1.0 is official, do we want to start thinking about our next
> > > official release planned for April 1 (start of Q2)? Are we thinking this
> > > will be 6.2.x or 7.0.x?
> > >
> > > On Tue, Feb 1, 2022 at 9:36 AM ocket 8888 <[email protected]> wrote:
> > >
> > >> If you have anything you want to discuss at next week's meeting,
> > >> respond to this email and it's on the agenda.
> > >>
> > >
