- Paul Baker firstname.lastname@example.org (PB)
- Pedro Barreto email@example.com (PSB)
- Miguel de Barros firstname.lastname@example.org (MdB)
- Johann Foley email@example.com (JF)
- Sam Kummary firstname.lastname@example.org (SK)
- Simeon Oriko email@example.com (SO)
- Michael Richards Michael.Richards@modusbox.com (MR) (Chair)
- Godfrey Kutumela firstname.lastname@example.org (GK)
- Lewis Daly email@example.com (LD)
- Istvan Molnar firstname.lastname@example.org (IM)
- Justus Ortlepp email@example.com (JO)
- Review actions from previous meeting
- Issue 78: Upgrading node version to the latest LTS
- Review of actions
- Issue 88: Preventing or Mitigating Open Source Supply Chain Attacks
- LD to report back
- Issue 89: Mojaloop Code Signing using Helm Provenance and Integrity
- Aime to present
Issue 78 (follow-up from previous action item)
- Under way
- All core libraries migrated
- Estimate 2-3 days per component. ~13 components currently outstanding…
- Most of the time is in upgrading the CI-CD scripts
- Do we have an ETA? Not yet, we will link to issues in GitHub.
- Some additional follow-up items:
- Some libraries have changed load strategies from CommonJS to EMS. Need to find alternatives, but this is relatively simple to do.
- Some repositories quite difficult to upgrade and need considerable refactoring. Perhaps move to jest instead of tapes, or the new Kafka library which is part of vNext.
- Some areas have high-security issues raise with no current fix or available patch. These are dependencies of dependencies.
- MdB will create these as issues on the OSS backlog list.
Issue 80 (follow-up from previous action item))
- Plan is to listen to the Kafka event stream and pick up messages from that.
- PdB: This is perfect
- BS: what about other FRMS systems?
- MR: identifiers are not the kind of personal information you need. We have a new item for KYC information, but it’s variable by scheme.
- SK: we’re not including sending information back into Mojaloop. How would we do that? MR: via rules, Mojaloop calls Actio to see if a transfer is interdicted. Problem is, we’d have to do that for every (transfer? quote?) when only a very small number would be interdicted…
- MdB: are you planning to process Kafka messages in batches or singly? Should be batches…
- MdB will continue with node upgrade tasks
- MdB will raise backlog issues as appropriate to address problems with node upgrade
- JF will call for a vote on issue 80 and mark it as closed if no dissent.