February 5, 2025
Participants: Dan Janowski, @varnerac, Lee Barney, @maennchen, @voltone, Marc Nickert, Michael Lubas, Paul Swartz, Bas Wegh, @kiko
Compliance updates
CNA (CVE Numbering Authority)
- Still pending a response from MITRE
- Proposed meeting slots in February approaching
CISA Self Attestation and NIST SSDF
- To be discussed in call with NIST
- Some uncertainty about whether EEF can do this on behalf of projects
OpenChain
- Erlang/OTP certified (see @kiko’s announcement)
- Working on Elixir and Gleam
- Source SBOM
- Policies
Source SBOM of OTP
- Contributions to OSS Review Toolkit accepted
- Source SBOM will be published with OTP releases starting with OTP 28
- Working on splitting SBOM by application
Application for Supply Chain Funding
- Trying to obtain funding for ongoing supply chain work
- Next step: align with documented package manager best practices
- Get hex.pm involved, as well as build tools (Mix, Rebar3)
Erlang distribution protocol hardening
- Picking up discussion started in Slack
- Initial idea (Dan): make it easier to secure with TLS out of the box
  - Issuing certificates
  - Injecting kernel parameters
- Broader use-cases (Lee): connecting (possibly transient) nodes across the Internet
  - Instead of having to go through e.g. HTTPS
  - Large clusters, frequent membership changes, unreliable nodes
  - Security aspects just one part of it
- Invited Lee to present his work to the group in the future
- Offered Dan support with first round of research into possible approaches
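As an added illustration (not from the meeting or any EEF project), this is what securing distribution with TLS currently involves by hand, the setup the proposal above wants to make easier out of the box; the file paths and node name are placeholders:

```erlang
%% ssl_dist.conf: options for TLS-secured Erlang distribution (added example,
%% not from the meeting or any EEF project; paths and node name are placeholders).
%% Start each node with:
%%   erl -proto_dist inet_tls -ssl_dist_optfile /etc/erlang/ssl_dist.conf -sname app
%% The file is read with file:consult/1, so it is a list of Erlang terms.
[{server, [{certfile,             "/etc/erlang/node.pem"},   % node cert + key
           {cacertfile,           "/etc/erlang/ca.pem"},     % cluster CA only
           {verify,               verify_peer},               % require a client cert
           {fail_if_no_peer_cert, true},                      % reject anonymous peers
           {secure_renegotiate,   true}]},
 {client, [{certfile,             "/etc/erlang/node.pem"},
           {cacertfile,           "/etc/erlang/ca.pem"},
           {verify,               verify_peer},               % verify the remote node
           {secure_renegotiate,   true}]}].
```

Mutual verification against a cluster-only CA is what keeps nodes that merely know the cookie out; without `verify_peer` on both sides the link is encrypted but not authenticated beyond the cookie.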
Other updates
PenTest Sample App
- Michael just finished pen-testing Oban Pro, might be interested
- Need to start collecting requirements for the app’s scope
- Take it to Slack or Notion (see below)
WG collaboration tooling
- We have access to Notion, with non-profit discounts
  - Read-only access is free, must pay per write-enabled seat
  - Currently being used by @maennchen for broader EEF work
- Open it up a bit, start linking from Slack and meeting notes
  - Create a landing page for the WG
  - Keep licensed seats at a minimum
Next meeting
Wed 5 March 2025 at 16:00 CET / 15:00 GMT / 10am EST / 7am PST / 0:00 (Thu) JST