MPQS Meeting Minutes 2021-02-24 9:30 UTC

Attendees

  • Godfrey Kutumela (GK)
  • Pedro Baretto (PB)
  • Victor Akidiva (VA)
  • Samuel Kummary (SK)
  • Miguel De Barros (MB)
  • Lewis Daly (LD)
  • Aime Bukassa (AB) - Absent
  • Tom Daly (TD) - Absent
  • Michael Richards (MR) - Not an attendee.

Agenda

  1. Weekly progress review - MPQS Zenhub Board
  2. AOB

Minutes

  • GK highlighted progress of Stories as below:
  1. #1792-Perform WhiteSource License and Security scans: The scans were completed but there were issues with XL output when multiple scans are made. LD agreed to try running multiple scans from different projects as suggested by GK.

  2. #2028 - Add a signature verification function: AB is progressing with microservice testing. Once successful AB will add encryption / decryption functionality. GK to organize stakeholder meeting once AB is ready to review the proposed new design.

  3. #2029 - Define business/functional requirements for logging: GK requested VA to split the tasks in this story into standalone stories. GK will ask MR to assist with defining Business requirements before the design work commences.

  4. #1879 - Minimize the number of repos: Task is blocked as team awaits output from PB.

  5. #1949 - Tech proposal to be reviewed by Mowali experts. GK added that he will table proposal to DA for their review and input.

  6. #2055 - Deploy Mojaloop to MPQS lab: VA highlighted task is more less completed and is progressing to commence on blocked stories that were depending on this lab setup. VA appreciated MB for his assistance in the process.

  7. #2051 - Review NIST special publication: GK updated that he completed reviewing NIST 171 and identified some areas which are applicable to Mojaloop operations. He will proceed with reviewing NIST 172 next week.

  8. #2074 - Secure Kubernetes Network Deployment: GK updated that TD is testing K8 network security policies locally on Miniloop. Once ready he will engage stakeholders for a technical review for promotion and adoption after testing.

  9. #2064 - Explore solutions for dependency confusion attack. LD updated task in progress and team is reviewing Microsoft recommendations. There are discussions on slack over product vs library level licensing which are ongoing. PB enquired what happens when licences change and Mojaloop picks subsequent versions based on package update process. LD said licence scans would pick such. There was a review of SDK using “@internal” dependency but this was determined not to be an issue.

  10. GK gave an overview of blocked stories to the team.

Meeting ended at 13.10.

1 Like