Academy Software Foundation - Technical Advisory Council (TAC) Meeting - June 26, 2024

Join the meeting at https://zoom-lfx.platform.linuxfoundation.org/meeting/97880950229?password=81d2940e-c055-43b9-9b5a-6cd7d7090feb

Voting Representative Attendees

Premier Member Representatives

Project Representatives

Carol Payne - OpenColorIO Representative
Cary Phillips - OpenEXR Representative
Chris Kulla - Open Shading Language (OSL) Representative
Diego Tavares Da Silva - OpenCue Representative
Jonathan Stone - MaterialX Representative
Ken Museth - OpenVDB Representative

Industry Representatives

Jean-Francois Panisset - Visual Effects Society

Non-Voting Attendees

Non-Voting Project and Working Group Representatives

LF Staff

David Morin - Academy Software Foundation
Emily Olin - Academy Software Foundation
John Mertic - The Linux Foundation
Yarille Ortiz - The Linux Foundation

Other Attendees

Tyler Furby, Wabi Foundation / Language Interop WG
Spencer Stephens, MovieLabs / Zero Trust WG
Robin Rowe, CinePaint
Joe Bryant, O3DE

Antitrust Policy Notice

Linux Foundation meetings involve participation by industry competitors, and it is the intention of the Linux Foundation to conduct all of its activities in accordance with applicable antitrust and competition laws. It is therefore extremely important that attendees adhere to meeting agendas, and be aware of, and not participate in, any activities that are prohibited under applicable US state, federal or foreign antitrust and competition laws.

Examples of types of actions that are prohibited at Linux Foundation meetings and in connection with Linux Foundation activities are described in the Linux Foundation Antitrust Policy available at linuxfoundation.org/antitrust-policy. If you have questions about these matters, please contact your company counsel, or if you are a member of the Linux Foundation, feel free to contact Andrew Updegrove of the firm of Gesmer Updegrove LLP, which provides legal counsel to the Linux Foundation.

Agenda

General Updates
- Open Source Days 2024 #650
  - Emily: all schedules have been posted, virtual town halls, BoFs
  - BoF announcements will be fixed for correct speaker
  - will be setting up a call to set the process
  - can do rehearsal session if you want them
  - slide template is being tweaked, should have that for speakers by early next week
  - Erik: Beers of a Feather still Sunday Night? Emily: yes
  - We are working on news package for major project announcements, I have some of them, but if I haven’t talked to you and have some announcements, please let me know so it can be added to the list
  - David: for the opening 20 session, I’m looking for highlights since last SIGGRAPH, was reading that OTIO has done two releases in last 6 months, these types of high level summaries are useful and important. Will sit in on virtual town halls as well. Please send me any highlights.
- Dev Days 2024 #662
  - 5 projects officially apply, we are past the deadline, but Carol and Larry said they can still accept projects, don’t need to have every issue identified, but still can register your interest.
  - Carol: would also like to know from projects who have decided not to participate, what could we do to help you as well. Looking for feedback.
  - Larry: we’ve been collecting contributions from Projects and WGs, many of the projects are understaffed, so Dev Days is a way to address that. Once we publish the results, hopefully we will get participation from member companies. If you are a project that feels like it is under resources, participating to Dev Days may help.
- Adjust requirements for the OpenSSF Badge at the Adopted Stage #556
- ASWF PyPI Account
  - Please add ASWF account to PyPI to ensure continuity
- LX calendar
  - Waiting for update from team
Engineering Contribution Survey - Larry
- Contribution Survey
- A few projects / companies not yet filled in
- Some really interesting trends
- On the issue of “fiction”, most organizations report that once they have participated in a project, the median time to send contributions is short. The first PR sent to a project can take a “random” amount of time (typically a few weeks).
- Wondering if companies saying what projects matter to them vs what projects see companies contributing to, there seems to be an alignment.
- OCIO is saying that they are reporting more contributions from companies than what companies are saying
- Area of extended discussion is going to be looking at how we ask companies to report which projects are critical to them. And compare that to what companies report they are dedicating resources, that is quite different. Some projects are used by “everybody” as critical resources, yet only 1 or 2 companies believe they are putting dedicated resources into it.
- Shaping up to look like there are some shortfalls, not necessarily in places we expected.
- Will report back when we have all the data
- David: if you haven’t completed the data, please do. Thank you Larry for setting this up, this is the information we need to decide where to invest to grow our engineering contributions.
- Joe Bryant (chat): For O3DE I am finding that many contributors from companies are actually working on the project during off time, and not in official capacity of their company. Maybe this explains the discrepancy?
New Working Group Proposal - ASWF Language Interop WG #704
- Michael: I like the way this is framed. Would be a shame if lessons learned in Rust WG were missed by other language bindings. I’m a fan of Swift so definitely would like to see this work. Doesn’t seem out of left field, Rust has been up and down getting momentum going, may be a good way to get more people involved.
- John: are there any concerns?
- JF: doesn’t seem to be taking away resources from any other efforts.
- John: plan is to fold in the Rust WG?
- Tyler yes
- JF: we have quorum (just)
- Michael: propose, Carol second
- All approve, congratulations, will work with you to get things going.
- Tyler: thank you!
Adjusting Requirements for Project Adopted Stage - John
- Looking at requirements, pulling out requirements for which there isn’t a clear path
  - 10 requirements sidelined for now (see PR)
- Larry: a lot of projects got to passing level easily, but tripped over silver and gold
- Hitting the same issues, clusted in 2 areas:
  - Things which are outside our area of expertise and unclear how they apply to project, and unclear how to get there. Often around security issues, and beyond our abilities like a security audit
  - Another group of things that people have a desire to do, but unclear what would allow checking off the item
- The badging effort clearly had a focus on web facing projects with logins and passwords, a lot of those don’t apply to our projects. We wanted to align the requirements with the scope of what’s relevant to our projects. So this is the list we came down to.
- We would like projects to achieve the goal of achieving Silver or better, sidelining those specific requirements
- John: Cary did a good job of trailblazing, let’s set up “office hours” between projects leads to share insights gained by Cary.
- On the security side of things, we are working on an external group do a “security thread assessment” which should help. It’s a hard area of expertise, ASWF is not unique, I see this in other foundations which struggle in this area. We can bring in support to help give guidance. It’s not always an easy thing to do.
- Sounds like a great post siggraph activity.
- This gets us on par with a lot of other open source projects.
- Spencer: question about the security review: 5 year seems exceedingly long, given the evolving threat environment and code changes. John: yes, valid to do this more often, but cost / time commitment is high. Within 5 years is a typical open source requirement, once we get to a better place we could tighten this requirement. Spencer: would love to be included in any such security discussions.
- JF: propose to accept. Jonathan: second.
- Adopted!
- John: thank you, we won’t kick off “office hours” until after SIGGRAPH
- John: projects can apply to graduate based on new requirements. Supposed to be at next review, but could be earlier. Sat with Erik Reineke from OTIO, maybe half a day of work to get it done.
- John: will annotate requirements spreadsheet
- Larry: there is overlap between projects that report difficulty meeting requirements with projects reporting lack of resources, especially for longer term “strategic” requirements. Highest self reported was 50%. I suspect that every project that isn’t meeting all OpenSSF requirements may think “we want to meet this requirement, we can, but we haven’t had the time”. So looking at Dev Day issues, could be some OpenSSF requirements, could knock out a couple of issues in Dev Days.
- John: documentation can be a good entry level way to get involved. Also happy to help / give guidance. This community is good at taking requirements seriously.
D&I Accessibility subgroup - Carol
- We have a great guest speaker in July, different day and time, posted to Slack, will be a great talk, please join the call if you are able to, should be a great talk.
Rez - creating a sub group - JC
- Sub group for creating environments and launchers
- If anyone in the TAC is interested, please reach out
The OpenVDB National Anthem
- YouTube Video