raw notes from face-to-face conference (#31)

sarif message

Subject: raw notes from face-to-face conference (#31)

From: Michael Fanning <Michael.Fanning@microsoft.com>

To: 'OASIS SARIF TC Discussion List' <sarif@lists.oasis-open.org>

Date: Fri, 25 Jan 2019 00:25:16 +0000

Sent from Mail for Windows 10

anonymous morphed into [Co-Chair] David Keaton [Co-Chair] David Keaton: Agenda for January 24-25, 2019 MEETING OF OASIS SARIF TECHNICAL COMMITTEE Dates and Times January 24, 2019 08:00 11:30Morning session 11:30 13:30Lunch 13:30 16:00Afternoon session 18:00Optional dinner outing (time subject to change) January 25, 2019 08:00 11:30Morning session 11:30 13:30Lunch 13:30 15:30Afternoon session Meeting location Micro Focus Moffett Towers 1140 Enterprise Way Sunnyvale, California 94089, United States Phone: +1 408 734 4970 Meeting venue information Logistics document Local contact information Yekaterina O'Neil <katrina@microfocus.com> Meeting Chat Location http://webconf.soaphub.org/conf/room/sarif Meeting audio for remote attendees Thursday, January 23: To be supplied Friday, January 24: To be supplied Day 1 January 24 Day 1 08:00-09:00 Arrive, get settled Day 1 09:00-09:15 1. Opening Activities 1.1 Opening comments (Co-Chair Keaton, Host O'Neil) 1.2 Introduction of participants/roll call (Co-Chair Cartey) 1.3 Procedures for this meeting (Co-Chair Keaton) 1.4 Review of agenda (Co-Chair Keaton) 1.4.1 Any needed updates to agenda 1.4.2 Approval of agenda 1.5 Approval of previous minutes [Minutes of 2019-01-09 Meeting#30 To be supplied] (Co-Chair Keaton) 1.6 Review of action items and resolutions (Secretary Meyer) 1.7 Identification of SARIF TC voting members (Co-Chair Cartey) 1.7.1 Prospective members attending their first meeting 1.7.2 Members attaining voting rights at the end of this meeting 1.7.3 Members losing voting rights if they have not joined this meeting by the time it ends 1.7.4 Members who previously lost voting rights who are attending this meeting 1.7.5 Members who have declared a leave of absence 2. Timeline Status 2.1 Note where we are on the schedule [SARIF TC Timeline] (Co-Chair Keaton) - Working on CSD 2, with 34 open issues 3. Future Meetings 3.1 Future meeting schedule (Co-Chair Keaton) Scheduled teleconference (Wednesdays at 09:30 PST / 17:30 UTC for two hours) February 13 Day 1 09:15-10:15 4. Review and disposal of prepared change drafts and editorial changes 4.1 Editors' report 4.2 Approval of changes Location of change drafts: https://github.com/oasis-tcs/sarif-spec/tree/master/Documents/ChangeDrafts/Active Discuss the following items individually, then vote on them together unless someone would like to separate out an issue for individual vote. 4.2.1 Add result.useful and result.suppressionReasons [#268] 4.2.2 originalUriBaseId object's values are directory locations not file locations [#306] 4.2.3 Any other change drafts to be reviewed Day 1 10:15-10:30 Break Day 1 10:30-11:00 4. Review and disposal of prepared change drafts and editorial changes (continued) Day 1 11:00-11:30 5. Discuss Metrics Day 1 11:30-13:30 Lunch Day 1 13:30-14:30 6. TC Member Demos and Presentations, part 1 Day 1 14:30-15:30 7. Code Flows Aide to discussion: Possible changes to threadflowLocation [#194] [#202] Day 1 15:30-16:00 8. Review open TC issues 9. Discuss refinements to Day 2 agenda [Co-Chair] David Keaton: 1. Opening Activities [Co-Chair] David Keaton: 1.4.1 Changes to the agenda Michael C. Fanning: Michael submits a motion to update the agenda: Item 4 amended to include GitHub issues review. Agenda item 5 to be replaced with discussing our roadmap to close (deferring metrics discussion) Michael C. Fanning: Item 4 already includes issues review Michael C. Fanning: So the revised motion is simply to replace the metrics discussion, item 5, with the roadmap to close, item 13 Katrina O`Neil: https://www.oasis-open.org/committees/download.php/64583/agenda_20190124.html Michael C. Fanning: The motion is to remove item 4.2.1 and to bring item 8 in this section, to being review of open git hub issues. Next, we will swap 5 and 13. Michael C. Fanning: Larry seconds. No discussion. No objections. Agenda is so amended. [Co-Chair] David Keaton: 1.4.2 Approval of agenda as amended Michael C. Fanning: Larry moves to approve the agenda Michael C. Fanning: Michael seconds, no discussion, no objections, agenda is accepted as amended [Co-Chair] David Keaton: 1.5 Approval of previous minute [Co-Chair] David Keaton: https://www.oasis-open.org/committees/download.php/64585/minutes20190109.txt Michael C. Fanning: Michael moves to accept the chat from the previous TC as minutes for that discussion Michael C. Fanning: Larry seconds the motion, no discussion, no objections, chat trace is accepted as previous minutes Michael C. Fanning: no open action items to report on [Co-Chair] David Keaton: 2. Timeline Status Michael C. Fanning: no changes in voting rights as of this meeting Michael C. Fanning: timeline status, working on csd2, 34 open issues Michael C. Fanning: we will establish plan to get to second (final) public review as part of this tc Michael C. Fanning: next meeting is on 2/13 [Co-Chair] David Keaton: 4. Review and disposal of prepared change drafts and editorial changes Michael C. Fanning: we will propose other meetings as required contingent on discussion today and tomorrow Michael C. Fanning: we now proceed to editorial changes Michael C. Fanning: larry presents the editor's report, a synopsis of disposition for #286, #298, #303 and #304 Michael C. Fanning: Larry will update the last editor's report to indicate we have a draft for #306 Michael C. Fanning: discussion of #306 Michael C. Fanning: feedback from Alex, explain conditions when it is possible to fully construct an absolute URL from the uriBaseId + relative uri Michael C. Fanning: also applies to file location Michael C. Fanning: Jim notes that 'segments' are preferable to 'directories' Michael C. Fanning: Larry notes this section relates to file systems and so language around that context should predominate Michael C. Fanning: Larry proposes to reject the change, after discussion Michael C. Fanning: The core of the argument against is that originalUriBaseIds may usefully refer to non-directories Michael C. Fanning: The TC will not make a motion to approve the draft for #306 (which will be closed as won't fix) [Co-Chair] David Keaton: 8. Review open TC issues anonymous morphed into Larry Golding Michael C. Fanning: Resolution for #312:TC suggestion to add 'reintroduced'. rename existing to 'unchanged', updated is approved. Michael C. Fanning: for #302, addresses, we have updated the issue with a basic proposal for an address object Michael C. Fanning: we've identified a new opportunity to persist load map data in the SARIF as well Michael C. Fanning: We have approved a URI normalization algorithm in #315 Michael C. Fanning: #311, full metadata objects for notifications is design approved Michael C. Fanning: we will define arrays of rule and notification metadata objects and place these on the tool object Michael C. Fanning: ruleConfiguration will remain behind on the run objecyt Michael C. Fanning: We have a hat in the ring design for address objects from #302 documented in the issue Michael C. Fanning: We approved guidance around preserving case in file paths for #209 Michael C. Fanning: We have designed a mechanism to describe extensions to tools, such as rules plug-ins Michael C. Fanning: by defining a new toolComponent object, etc., #179