DA Meeting Minutes 2022-05-25

Attendees:

Apologies:

Absent:

Agenda:

  • Review actions from previous meeting
  • Issue 78: Upgrading node version to the latest LTS
    • Review of actions
  • Issue 88: Preventing or Mitigating Open Source Supply Chain Attacks
    • LD to report back
  • Issue 89: Mojaloop Code Signing using Helm Provenance and Integrity
    • Aime to present
  • AOB

Minutes

  • Issue 78 (follow-up from previous action item)
    • Under way
    • All core libraries migrated
    • Estimate 2-3 days per component. ~13 components currently outstanding…
    • Most of the time is in upgrading the CI-CD scripts
    • Do we have an ETA? Not yet, we will link to issues in GitHub.
    • Some additional follow-up items:
    • Some libraries have changed load strategies from CommonJS to EMS. Need to find alternatives, but this is relatively simple to do.
    • Some repositories quite difficult to upgrade and need considerable refactoring. Perhaps move to jest instead of tapes, or the new Kafka library which is part of vNext.
    • Some areas have high-security issues raise with no current fix or available patch. These are dependencies of dependencies.
    • MdB will create these as issues on the OSS backlog list.
  • Issue 80 (follow-up from previous action item))
    • Plan is to listen to the Kafka event stream and pick up messages from that.
    • PdB: This is perfect
    • BS: what about other FRMS systems?
    • MR: identifiers are not the kind of personal information you need. We have a new item for KYC information, but it’s variable by scheme.
    • SK: we’re not including sending information back into Mojaloop. How would we do that? MR: via rules, Mojaloop calls Actio to see if a transfer is interdicted. Problem is, we’d have to do that for every (transfer? quote?) when only a very small number would be interdicted…
    • MdB: are you planning to process Kafka messages in batches or singly? Should be batches…

Actions:

  • MdB will continue with node upgrade tasks
  • MdB will raise backlog issues as appropriate to address problems with node upgrade
  • JF will call for a vote on issue 80 and mark it as closed if no dissent.