The maintainers of the OpenSearch-Security Repo seek to promote an inclusive and engaged community of contributors. In order to facilitate this, weekly triage meetings are open-to-all and attendance is encouraged for anyone who hopes to contribute, discuss an issue, or learn more about the project. To learn more about contributing to the OpenSearch-security Repo visit the Contributing documentation.
Attendance is not required for your issue to be triaged or addressed. All new issues are triaged weekly.
Each meeting we seek to address all new issues. However, should we run out of time before your issue is discussed, you are always welcome to attend the next meeting or to follow up on the issue post itself.
Meetings are hosted regularly at 3 PM Eastern Time (Noon Pacific Time) and can be joined via the links posted on the Upcoming Events webpage.
After joining the Zoom meeting, you can enable your video / voice to join the discussion. If you do not have a webcam or microphone available, you can still join in via the text chat.
If you have an issue you'd like to bring forth please consider getting a link to the issue so it can be presented to everyone in the meeting.
Meetings are lightly structured as follows:
- Announcements: If there are any announcements to be made they will happen at the start of the meeting.
- Review of new issues: The meetings always start with reviewing all untriaged issues for the security and security-dashboards repositories.
- Untriaged items: Review any issues that might have had the 'untriaged' label removed but require additional triage discussion.
- Open discussion: Next, we open the floor in case anyone wants to highlight an issue.
- Backlog discussion: Then, we review issues from the backlogs of the security and security-dashboards repositories.
- Least recent discussed issue: Finally, to close out the meeting we will review the oldest issues from both repositories, security and security-dashboards, to help identify issues that have languished.
There is no specific ordering within each category.
If you have an issue you would like to discuss but do not have the ability to attend the entire meeting please attend when is best for you and signal that you have an issue to discuss when you arrive.
No, all are welcome and encouraged to attend. Attending the Backlog & Triage meetings is a great way for a new contributor to learn about the project as well as explore different avenues of contribution.
You can always open an issue including one that you think may be a duplicate. However, in cases where you believe there is an important distinction to be made between an existing issue and your newly created one, you are encouraged to attend the triaging meeting to explain.
If you have an existing issue you would like to discuss, you can always comment on the issue itself. Alternatively, you are welcome to come to the triage meeting to discuss.
While we are always happy to help the community, the best resource for implementation questions is the OpenSearch forum.
There you can find answers to many common questions as well as speak with implementation experts.
What if my issue is critical to OpenSearch operations, do I have to wait for the weekly meeting for it to be addressed?
All new issues for the security repo and security-dashboards repo are reviewed daily to check for critical issues which require immediate triaging. If an issue relates to a severe concern for OpenSearch operation, it will be triaged by a maintainer mid-week. You can still come to discuss an issue at the following meeting even if it has already been triaged during the week.
Due to the sensitive nature of security vulnerabilities, please report all potential vulnerabilities directly by following the steps outlined on the SECURITY.md document.
You can always file an issue for any question you have about the project. Alternatively, you can reach out to specific contacts helping to organize the project: Stephen Crawford (steecraw@amazon.com), Dave Lago (davelago@amazon.com), and Peter Nied (petern@amazon.com).