Academy Software Foundation Technical Advisory Council (TAC) Meeting - January 22, 2025

Join the meeting at https://zoom-lfx.platform.linuxfoundation.org/meeting/97880950229?password=81d2940e-c055-43b9-9b5a-6cd7d7090feb

Voting Representative Attendees

Premier Member Representatives

Project Representatives

Carol Payne - OpenColorIO / Diversity & Inclusion WG Representative
Cary Phillips - OpenEXR Representative
Chris Kulla - Open Shading Language Representative
Diego Tavares Da Silva - OpenCue Representative
Jonathan Stone - MaterialX Representative
Ken Museth - OpenVDB Representative

Industry Representatives

Jean-Francois Panisset - Visual Effects Society

Non-Voting Attendees

Non-Voting Project and Working Group Representatives

LF Staff

David Morin - Academy Software Foundation
Emily Olin - Academy Software Foundation
John Mertic - The Linux Foundation
Yarille Ortiz - The Linux Foundation

Other Attendees

Josh Bainbridge - Framestore
JT Nelson, Pasadena Open Source consortium / SoCal Blender group
Ben Schofield, CDSA
Rob Rowe, Cinepaint
Ben Giles, Calligra

Antitrust Policy Notice

Linux Foundation meetings involve participation by industry competitors, and it is the intention of the Linux Foundation to conduct all of its activities in accordance with applicable antitrust and competition laws. It is therefore extremely important that attendees adhere to meeting agendas, and be aware of, and not participate in, any activities that are prohibited under applicable US state, federal or foreign antitrust and competition laws.

Examples of types of actions that are prohibited at Linux Foundation meetings and in connection with Linux Foundation activities are described in the Linux Foundation Antitrust Policy available at linuxfoundation.org/antitrust-policy. If you have questions about these matters, please contact your company counsel, or if you are a member of the Linux Foundation, feel free to contact Andrew Updegrove of the firm of Gesmer Updegrove LLP, which provides legal counsel to the Linux Foundation.

Agenda

General Updates
- OpenAPV - defining 6 month milestones #877
- OpenQMC #434
- Security Threat model analysis for ASWF projects #615
Call out TAC Vice Chair being GB rep alternate #946

Notes

Upcoming reviews: MaterialX and raw2aces
- Jonathan: we can be review for MaterialX. Would folks scheduled for today prefer that slot? Carol: got rescheduled for layer. Larry: it feels like we just did it? Doesn’t have a to be a big update, but you had a big release, seems worth updating. Jonathan: yes, we’ll update.
- Raw2aces: need to connect with Alex Forsythe. Larry / Carol: yes, month of Feb is going to be final push on ACES2 for OCIO integration, but we may want to target something a bit later. John: we have gaps.
OpenQMC #434
- Eric: seem to have internal assignment, but working on getting someone “important enough” to sign off.
OpenAPV - defining 6 month milestones
- First TSC last week. Eric R: regular cadence of meetings. Have document we put together, we’ve laid the ground work, OpenAPV as a project is going to work on defining milestones. OpenAPV can come up with recommendation and bring back to the TAC.
- John: do you want to work with them and put this back on TAC agenda? Eric R: let me check the schedule. Next meeting is Thursday next week, would be reasonable to say by mid February. Can check back in on Feb 19th TAC meeting.
Security Threat model analysis for ASWF projects
- John: meetings have started. Jonathan: first meeting with OSTIF group went well, we exchanged ideas. They have posted 3 security advisories in triage mode, are they relevant, how should they be addressed. We haven’t dived into them yet. We also want that people who aren’t ASWF leads can view these issues, in particular some people from Apple are very interested in ASWF project security. John: I pinged Andy Grimberg for GitHub stuff.
- Cary: OpenEXR had first meeting last week, described project, where we are, we thing we’re doing the right thing, but “tell us what we don’t know”. Haven’t heard back since, not sure if they are working on OpenEXR and not finding anything? John: they may want to not burden projects too much, they will circle back when they have more to discuss.
- Larry: want to bring in people who are contributors but not necessarily just the people who normally get the advisories. That’s a good idea, one complaint on project side leadership is we don’t know what to pay attention to. Outside consultants are not project users, they may have trouble judging what’s relevant, people from Autodesk / Apple may have better idea based on how they integrate the projects, are the alerts something they care about. We should make this a priority. John: don’t want to publicize holes before there is a fix in place. Larry: we can help find people in those companies who are interested in security. John: they don’t want to put out final report before something is deemed fixed or irrelevant.
Call out TAC Vice Chair being Governing Board rep alternate
- John: wanted to add more documentation in our processes. #946
- JF: do we need to define who is eligible to be delegated the role of Governing Board representative? Carol: is there something earlier in the document that defines “TAC membership”? John: would have a to be a TAC voting member? Carol: if we add it for GB representative, we should add it for “everything”.
- John: Does anyone have an issue with Carol being the “alternative TAC representative to the Governing Board”? No one has.
- John: will clarify that you have to be a TAC voting member? Carol: seems to be clear. Larry: we don’t have an escape clause for main representative, just for TAC vice chair. We can change the charter at a later time. Will we need to vote every year to make the vice chair the GB alternate? John: no. Carol: unless vice chair doesn’t want to do it (timezone issues for instance).
Carol: early phase of discussion on taking up color metadata in OpenEXR in Color Interop Forum as next topic. So Color Interop Forum is starting up again, we have a meeting next week with this topic. So if you have interest, join next Monday at noon PST.
Emily: Feb 13 is Open Source Forum, registration code will be emailed out today / tomorrow. Matthew: will this be “remote enabled?”. Emily: first half will have remote option, second half (moderated discussion) will only have remote for board members / voting TAC members. That will be sent separately. Matthew: also joint board / tac meeting before? Emily: yes, will post full schedule. Starts at noon for board members, 2PM for actual event. Open Source Forum Announcement
Rob Rowe: looking to catch up on security stuff? Cary: two projects (OpenEXR, MaterialX) will share back results of audit, but for now there’s now foundation-wide project set up for this. Rob: where can I ask to catch up? Cary: MaterialX may be further along, but can ask Jonathan or myself. Larry: can help to look at badging requirements which calls out need for security audit every few years, so that’s the pilot program of doing a legit “outside group” security audit on two projects, is it a valuable service, this is our “toe in the water” to test the process, and see what real security experts tell us we have to do differently.