Update Airflow reports for October and November
Showing 3 changed files with 52 additions and 1 deletion.
2 changes: 1 addition & 1 deletion
...engagements/2024/Airflow/9-2024 Update.md → ...ngagements/2024/Airflow/Update-2024-09.md
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,4 +1,4 @@ | ||
# Update 2024-08 | ||
# Update 2024-09 | ||
|
||
## Project progress | ||
|
||
|
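Review bot: the heading correction from `# Update 2024-08` to `# Update 2024-09` and the rename to `Update-2024-09.md` are not covered by the commit message, which names only the October and November reports. Mention the September fix in the message, and check that nothing still links to the old `9-2024 Update.md` path, since no link update is visible in this change.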
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,23 @@ | ||
# Update 2024-10 | ||
|
||
## Project progress | ||
|
||
There was [Community Over Code](https://communityovercode.com/) - 7-19 October, Denver, where security united project was presented | ||
in a talk and Birds of Feather session. The Birds of Feather session was well attended (including | ||
Board Members of the Apache Software Foundation and infrastructure folks) and we | ||
got some good feedback from the community. | ||
|
||
Airflow is undergoing a major release work Airflow 3 and that includes a lot of decisions and discussions | ||
on dependencies - for example we decided to get rid of a venerable `connexion` library and replace it with | ||
`FastAPI` - which is a more modern and maintained library and it reshapes the dependency graph of Airflow | ||
(removes some candidates for deeper analysis and adds some more). There are also discussion on how to | ||
split Airflow into independent packages, with subset of dependencies for separate providers - that might | ||
change the ways we approach dependencies. | ||
|
||
Discussions were started with Apache Software Foundation on funding the new "tooling" position for the ASF | ||
- and also resulting from that the search for another candidate for the position was started. | ||
|
||
## Open Refactory bug analysis | ||
|
||
CVE charts produced by Open Refactory have been largely improved and we are looking for making then a good | ||
input for our discussions with maintainers. |
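Review bot: the added text has several wording slips worth fixing before merge. In the first paragraph "security united project was presented" reads as garbled, and "Birds of Feather" is normally written "Birds of a Feather"; in the second paragraph "There are also discussion" should be "discussions"; in the last paragraph "making then a good input" should be "making them a good input".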
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,28 @@ | ||
# Update 2024-11 | ||
|
||
## Project progress | ||
|
||
The initial 16 projects have been contacted with "can we help with your security" - with already | ||
some feedback and meetings with the maintainers scheduled in December. We have also prepared ideas and | ||
subjects for a series of blog posts that we are going to write summarising our findings. | ||
|
||
We also prepared two submission for FOSDEM and FOSS Backstage conferences in 2025 - talking about the | ||
project. We are waiting for results of the CFPs. | ||
|
||
Not much progress on tooling yet, we continue to look for other candidates in the Apache Software Foundation | ||
and as discussions on the "tooling" position is still ongoing. | ||
|
||
Jarek has been invited by the ASF infrastructure team to be a part of the interviewing team for the tooling | ||
position in the Apache Software Foundation. | ||
|
||
As part of the engagement work is on-going on implementing and testing Trusted Publishing workflow that will | ||
be reusable for the Apache Software Foundation projects. The discussion on how to do it happened in the | ||
ASF infrastructure team and the implementation is | ||
[in progress](https://github.com/gopidesupavan/gh-svn-pypi-publisher/pull/1) | ||
|
||
## Open Refactory bug analysis | ||
|
||
Further refinement of the graphs have been prepared. A presentation of the current state of the project | ||
has been presented by the Open Refactory team - stressing the multiple "F" that their tooling might help with. | ||
|
||
|
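Review bot: the "in progress" link for the Trusted Publishing workflow points at pull request 1 in a repository under the `gopidesupavan` account rather than an `apache` one, and the sentence carrying it has no closing period. Since the paragraph says the workflow is meant to be reusable for Apache Software Foundation projects, state where the workflow is expected to live once it is finished. Smaller points: "two submission" should be "two submissions", the sentence ending "and as discussions on the "tooling" position is still ongoing" does not parse, and the multiple "F" in the last paragraph is never spelled out.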