ASWF TAC Meeting - June 19, 2019

Voting member attendance

  • Daniel Heckenberg - Chairperson, Animal Logic Pty Ltd
  • Gordon Bradley, Autodesk
  • Mark McGuire, Blue Sky Studios, Inc.
  • Michael O’Gorman, Cisco Systems Inc.
  • Henry Vera, Double Negative
  • Jeff Bradley for Bill Ballew, DreamWorks
  • Matt Kuhlenschmidt, Epic Games, Inc.
  • Brian Cipriano, Google
  • Jim Jeffers, Intel Corporation
  • Larry Gritz, Sony Pictures Imageworks
  • Jean-Francois Panisset, VES Technology Committee
  • Cory Omand, The Walt Disney Studios
  • Kimball Thurston, Weta Digital Limited
  • Ken Museth, OpenVDB Representative
  • Michael Dolan, OpenColorIO Representative
  • Cary Phillips, OpenEXR Representative
  • Eric Enderton, NVIDIA

Apologies

Other Attendees

  • Dan Bailey (ILM)
  • Erik Strauss (Netflix)
  • Andrew Grimberg (Linux Foundation Release Engineering)
  • Sean Looper (AWS Thinkbox)

Agenda

  • No preset agenda
  • OpenEXR CVE handling
    • Cary to dig into history of public CVEs and cross check with versions of commits / PRs that address those CVEs
    • For every release, mention which CVEs are fixed in that release
    • JF: maybe have a standard table, “CVEs.md” for instance?
    • Cary: not clear on how to update the CVEs list at mitre.org to update list with which version fixes the CVE
    • OpenEXR is the only project with current CVEs
    • Currently CVEs are buffer overflow types
  • JF: Microsoft has Tech Soup program for non profits that gives $3500 yearly credit https://www.techsoup.org/products/–G-50231–
  • Could pay for a GPU builder, or a big memory builder
  • Andrew: “elastic pools” in Azure Pipelines would help with dynamic allocation
  • OpenTimelineIO working on application for incubation.
    • Talking with legal group about application process, looking at templates of projects in incubation
    • Should be into the process by SIGGRAPH timeframe, some of the more time consuming aspects after SIGGRAPH
    • Trying to get out there as a signal to vendors as to the seriousness of project
  • OpenEXR status
    • Cary: first steering committee meeting in a month last week, rush of progress
    • 68% complete for CII badge, progress through security issues (a lot of the requirements don’t affect the project such as cryptography)
    • Currently no build infrastructure set up
    • Progress with Azure in other projects: seems ready to start transitioning
    • Will be working on SonarCloud
    • Addressing outstanding pull requests
    • Identified a bunch that can be closed for one reason or another, those that can be accepted / integrated, and small number that needs extra work, on the cusp of getting the number of outstanding pull requests to a much lower / manageable level
    • Still 130 outstanding issues, have been marked and categorized, need to triage them and start closing them. Large number related to CMake / build system, CMake more than anything else.
    • Kimball is working on a CMake standard template projects
    • Repo transition to ASWF github transition? Not clear date yet, and not yet completely clear on what is required for this to happen. Also waiting on CLA infrastructure.
    • Trivial example of Azure Pipelines build of OpenEXR and Sonar: https://github.com/jfpanisset/openexr
    • Progress on updating README information GitHub, contributing, TSC.
  • OpenColorIO
    • Michael: working on pull request to update the CI to Azure Pipelines, incorporated Docker images developed by Aloys. Created an image for each project and a base image, Linux builds now using these Docker images.
    • SonarCloud is integrated as well.
    • Outstanding issue on external dependencies: Michael to take this project on, moving GitHub repo into ASWF organization.
    • John helped to move the web site to https, working on CII badge requests. CI pull request will also address a lot of CII requirements.
  • OpenVDB
    • Dan: primarily looking at Azure Pipelines, building on top of Aloys work for Docker images.
    • Outstanding pull request on ASWF docker image, small issues, pulling different pieces of software from package managers vs building from source.
    • Minor issue related to GLFW library
    • Everything else is building correctly, unit tests are running
    • Merging this pull request once happy
    • Will start to expand the Docker image to include VFX Reference Platform
    • Some experimentation on personal Azure account to address Houdini builds, cannot be included in the public Docker image.
    • Andrew: Azure Pipelines provides private container registries. Dan: currently using Docker Hub.
    • Set up quick test with registry keys for private Docker image repo
    • Images can be lighter if we pre-download Houdini and only extract the libraries we need, could also have an image with multiple Houdini versions.
    • Windows / Mac builds, SonarCloud integration still on todo list
    • Looking at security-related issues, no reported issues so far (easy to meet that CII criteria), but working on a document about the security posture of OpenVDB, will be added to the repo (TSC directory).

  • Next meeting

    • 3 July 2019