LLVM Security group public sync-ups

Meeting minutes for the 20th of June 2023 meeting

  • We discussed migrating the security issue reporting mechanism from the current one, which uses the Chromium issue tracker, to the reporting mechanism GitHub recently rolled out. Overall there seemed to be a preference for moving to the GitHub-based mechanism, but we want to explore first whether it has any significant downsides.
  • We started exploring whether we need to do anything to keep track of new releases of the LLVM project's dependencies, and whether those new releases fix any security vulnerabilities. @kbeyls took an action to explore which GitHub-integrated mechanisms exist to automatically track new dependency releases that fix security vulnerabilities.
    • At first sight, after the meeting, it seems that GitHub does offer such a service. It may even be possible to have pull requests created automatically to update dependency versions.
  • We checked the status of the open security issues and took a few actions to progress them.
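As an added illustration, not part of these minutes and not a configuration the LLVM project has adopted: the GitHub service matching the description in the dependency-tracking item above is Dependabot. With a `.github/dependabot.yml` file in the repository it opens pull requests when a tracked dependency has a new release, and, once "Dependabot security updates" is enabled in the repository's code security settings, it separately opens pull requests for dependencies that have an entry in the GitHub Advisory Database. The ecosystems and directories below are assumptions chosen for illustration, not LLVM's actual layout.

```yaml
# Added example, not from the LLVM project. Lives at .github/dependabot.yml.
version: 2
updates:
  # Python dependencies declared in a requirements file at the repository root
  # (assumed path, for illustration only).
  - package-ecosystem: "pip"
    directory: "/"
    schedule:
      interval: "weekly"
    # Caps the number of open version-update PRs; security-update PRs are
    # counted under a separate limit.
    open-pull-requests-limit: 5

  # Third-party actions referenced from .github/workflows; "/" is the
  # directory Dependabot expects for this ecosystem.
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "weekly"

  # Vendored sources pulled in as git submodules (assumed; only relevant if
  # the repository actually uses submodules).
  - package-ecosystem: "gitsubmodule"
    directory: "/"
    schedule:
      interval: "weekly"
```

The caveat that matters for a C++ project: Dependabot only sees dependencies declared in a manifest it understands (pip, npm, Cargo, Go modules, git submodules and so on). A library vendored by copying its sources into the tree, or located at build time via CMake `find_package`, is invisible to it, so releases and advisories for such dependencies still have to be tracked by hand.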