Academy Software Foundation Technical Advisory Council (TAC) Meeting - January 7, 2026

Join the meeting at https://zoom-lfx.platform.linuxfoundation.org/meetings/aswf?view=list&projects=aswf

Voting Representative Attendees

Premier Member Representatives

Project Representatives

Carol Payne - Diversity & Inclusion Working Group Representative, OpenColorIO Representative, TAC Chair
Cary Phillips - OpenEXR Representative, TAC Vice Chair
Chris Kulla - Open Shading Language Representative
Daniel Greenstein - OpenImageIO Representative
Diego Tavares Da Silva - OpenCue Representative
Jonathan Stone - MaterialX Representative
Ken Museth - OpenVDB Representative
Nick Porcino - Universal Scene Description Working Group Representative
Rachel Rose - Diversity & Inclusion Working Group Representative

Industry Representatives

Jean-Francois Panisset - Visual Effects Society

Non-Voting Attendees

Non-Voting Project and Working Group Representatives

LF Staff

David Morin - Academy Software Foundation
Emily Olin - Academy Software Foundation
John Mertic - The Linux Foundation
Yarille Ortiz - The Linux Foundation

Other Attendees

Tony Micilotta - Autodesk
Olga Avramenko - Imageworks - D&I WG

Antitrust Policy Notice

Linux Foundation meetings involve participation by industry competitors, and it is the intention of the Linux Foundation to conduct all of its activities in accordance with applicable antitrust and competition laws. It is therefore extremely important that attendees adhere to meeting agendas, and be aware of, and not participate in, any activities that are prohibited under applicable US state, federal or foreign antitrust and competition laws.

Examples of types of actions that are prohibited at Linux Foundation meetings and in connection with Linux Foundation activities are described in the Linux Foundation Antitrust Policy available at linuxfoundation.org/antitrust-policy. If you have questions about these matters, please contact your company counsel, or if you are a member of the Linux Foundation, feel free to contact Andrew Updegrove of the firm of Gesmer Updegrove LLP, which provides legal counsel to the Linux Foundation.

Agenda

General Updates
- 2026 Security Reviews #1137
2026 TAC Priorities #1208

Notes

Please note: live note taking was not possible for this meeting, a complete attendee list cannot be determined after the fact.

General Updates
- Carol is now TAC Chair, Cary is co-chair
- Carol: D&I review pushed to next meeting
- Emily: Open Source Forum
  - Feb 26 at Bronson Studios Netflix
  - CFP closes on Sunday
  - Theme is new technologies impacting studios, looking at trends, AI, ML, Virtual Production, output from ML WG
  - Call for Proposals Link
  - Please get in your call proposals.
  - Larry: ML WG preparing submission on DNA
  - Ken (chat): we could give an update on the ML extension to OpenVDB (dubbed fVDB). Is that relevant? Emily: yes, please submit to CFP.
  - David: as we consider year ahead, AI and ML are big drivers on innovation, but want to ask the TAC if anyone has noticed some other new technologies that are coming in to play, impacting studios. Anything new that is appearing, making a change in the work you do?
  - Eric: over past 18-24 months have seen stuff in the landscape of video codecs, OpenAPV as part of ASWF, HTJ2K in OpenEXR, a lot of conversations around this stuff. This has been top of mind for me, may be an indicator of what people in the industry are thinking. Larry: how do you see direction this is going? Eric: not sure, AVID has been putting more investment into DNxHD, don’t know where it’s going, when we look at our field, the video codec field has been stable for a very long time. AVC starting to drop off in streaming, which has been in use for 10-20 years, now AV1 replacing it. Also IP encumbered vs open codecs. Not sure I have anything specific, but there seems to be more fervor in this area than in the past. Not sure if we should be trying to create clarity in this space. Discussions could be useful to industry as a whole. This shift may mean fragmentation, which is frightening, but maybe we end up in a better place.
  - David: Alex Arango showed demo at OpenAPV TSC of how they used it for mipmapped video. Alejandro (chat): Tiled Mipmapped Video” playback using OpenAPV. One 12K UHD and twelve 4k UHD concurrent videos playing in Unreal.
  - Alejandro: we used OpenAPV to store mipmaps of source video and tiles, only read from disk and decode what is visible and sampled by GPU. Makes it efficient to play back very large videos. Eric: it was a great demo that demonstrated the way existing codecs aren’t addressing some of these interesting use cases, especially for virtual production. Larry: was this recorded? Aljandro: no, but see video link above. David: would be valid proposal at the forum to have presentation around this forum.
  - Larry: for NDA, it’s different from other projects since it’s being built from scratch. The dynamics of that project are unique, even in our existing projects or WGs, if you’ve stumbled on a new way to work that deserves wider exposure, that could make a good talk, especially if you are doing something quite different.
  - Larry: does RMTC have something to present? Larry: I don’t know. Since they are WETA led, it may be challenging to come to these meetings in person or due to timezones. May need to work harder so they are in the loop. Carol: we will have o reach out to them. David: RMTC is hoping for collaboration from others, but don’t know if there’s been collaboration between studios yet, so seeking it at forum would be good. Carol: there’s been progress, but it’s slow. If they can get something together for the forum, it’s a good audience.
  - Carol: we’re talking a lot about AI / ML, but want to make it clear it’s not the only thing we are looking for at the Forum. “New Technologies” is very broad, so “your new thing” can still fit, codec example is a good example. Think broad!
- 2026 Security Reviews #1137
  - Carol: we want to do 2 more this year.
  - We did OpenEXR and MaterialX last year, learned a lot, can we learn more. We will hopefully go in more informed. Open to projects to volunteer, we have a couple of mind otherwise. Not a small amount of work!
  - Cary: It’s not zero work, and will be project depend. OSTIF did the majority of the work, we met with them briefly, they gathered the info they needed from documentation and code. You need to be prepared for some work, but it wasn’t that much. It might be worthwhile to consider a different kind of project than OpenEXR. They went deep into the C++ code looking for buffer overruns and such, we don’t have credentials, so analysis of a very different kind of project could be interesting.
  - Carol: we were discussing this last year, we thought about OpenCue, would be a very different code of project. If OpenCue is interested, would be interesting to use a very different codebase.
  - Ken: is there a takeaway? Would be good to have a document as to what ended up being changed, and maybe we can do some of that pro-actively? Carol: Cary posted projects to a number of projects. Cary: they wrote up a detailed report. Substance was an analysis of the vulns they uncovered, basically bug reports and stack traces, and Kimball fixed them. My criticism of this process is that it was an analysis of a snapshot of the codebase, they found 4 bugs, we fixed them. An upcoming commit could introduce new ones, and what did we learn? What we learned is that experts perused the code and only found those.
  - Larry: OpenEXR started off 3 steps ahead, with the project being fuzzed, so a lot of these kinds of issues may have been fixed. I was hoping to come out with more of a checklist that could be more generally applied, how to think about the threat models, and what to do about them.
  - Carol: this is a learning process, we did it once, let’s do it again with 2 more projects, let’s see if we can improve on what we get as a return on investment. At least we get a good knowledge of a project snapshot, may be more useful for other projects than for OpenEXR. Could be good, or bad! We discussed it in context of OCIO, it may find a lot of stuff, which could affect project resources. How is OCIO used, and how much of a priority is it for a project. Larry: we’ve been asking project owners who wants to volunteer, but also look across the room, including software vendors, if there is a project that you think it should be audited based on your usage and the envs it is used in, you can request it be audited.
  - Christopher: we’re using a third party service? John: We’re using the Open Source Technology Improvement Fund - OSTIF. We work with them to help figure out initial scope, then they bid it across security auditing firms, and figure out which one makes the most sense, then they project manage it. Professional firm does the work on the back end. Larry: so many of our packages were designed / implemented “behind the firewall”, never had to consider bad actors or maliciously crafted actors. Just a program crashing! But now they are showing up as components of other projects.
  - Michael Min: with code bases changing all the time, there’s a risk that the “old school” thinking of having agencies auditing, now that we have LLM generating code and reviewing, unless we have a good threat model, we’ll get different results each time. What shared threat models are we concerned with? Do we use ThreatForge? Whatever agency we hire, we need a common basis for threat modeling. There is now a lot of LLM assisted threat modeling. John: tools are improving in this area. Each project, all in the “same” industry, they are all different in how they are used. Threat models will be all over the place. We need to match expectations, we went through this one, may not get what we expected. So we may need to be more pro-active, make sure we get what we expect to make these more useful. Let’s use learnings to do it better the second time.
  - Carol: unless someone wants to volunteer this time, we don’t have a ton of experience, if we want to approach this a different way, we would need to figure this out. The current service is available to us, so is it useful right now, even if not necessarily future proof. If your project wants to participate, that would be great.
- OpenPGL Project Vote Update #1238
2026 TAC Priorities #1208
- Larry: started best practices documents in the tac repo, take things that what projects learned on how to operate smoothly, seeded it with a document I had written about code review policies, put some placeholders for other policies. Hoping others can pick those up. Some of the more recently joined projects don’t know what to do, how the CI works. Older projects have worked those things out together 6 years ago, but we never wrote down all the methodology. Lots of room to document that.
  - ASWF Project Best Practices
  - John: also gets deployed to the TAC Web Site
  - Larry: you can just submit PRs with text in Markdown files, doesn’t have to be complete. But most are empty right now.
- John: anything else “tactical” we want to see done in next 12 months?
  - Carol: talked to Cary about this, we may have some bandwidth this year, launching programs like SLP, Dev Days, ways to get folks involved and contributing to Open Source and ASWF. These are good goals, but follow up is how do we get these folks contributing to projects, on a longer term basis. How do we get someone contributing to Dev Days to contribute going forward and involved in ASWF. Karen and I have been talking a lot about this, as well as with Cary and Larry. Considering some ideas, not all are fully fleshed out. Want to have a team of people and a program who has this responsibility. How do we follow up after SLP / Dev Days, so we can “capture” these new contributors, keep them involved. Conversion rate will be lower than Dev Days participation rate, but currently we’re not doing it, so we can improve. John: how do you get a 1 contributor to become a regular? Carol: even simpler, we should follow up with contributor, which is a baseline effort. It should be up to a project / project lead to communicate with contributors, but maybe we can help. Also involve people who want to be involved with ASWF, not necessarily as code contributors.
  - Olga: we don’t always have resources in Dev Days group to follow up with everyone, so conversion rate is low. Also projects may have a hard time following up, which can be done with non-code contributors.
  - Cary: also preoccupied with succession planning, not just how do we find contributors, but also project maintainers and owners, who will replace people who have a sense of ownership, how do we cultivate people to join and step up to that kind of level. Also for priorities, we need to identify and analyze our problems.
  - Karen: from SLP perspective, I agree it needs to be a top down approach, but bottom up is important to produce junior talent. But also the gap between end of SLP / Dev Days, how do we get them to be interested and come back. This could also speak to higher level folks who might have vested interest and want to contribute at higher level.
  - Tony (chat): do we have an existing priority list carry-over from last year? John: TAC issue 972 Carol: last year we did a poll and kept it open ended, then Larry and I took that, and also let us be guided by external priorities. An important point is better coordination between projects and interoperability. Some projects cross over better than others. We tackled some low hanging fruit last year. It was the highest voted item last year. Another point on that list is aligning dependencies between projects outside VFX Platform. Larry put together a spreadsheet VFX industry build matrix which we want to update. We should all be updating that spreadsheet.
  - Tony: what about issues with Qt? Carol: no progress, we had a bit of discussion. We need to figure out how ASWF could help, except for keeping up with recent version. What would be the angle we can put forward? A Qt replacement would be a lot. Or basic implementation / how we use it across projects. Tony: looking at non commercial use, how we have to backport fixes from commercial to non commercial, we’re all the same thing, even internally at Autodesk. We have one team doing a version for VFX Reference Platform, but should be bigger than that. Larry: USD WG provides a model for that, which is concerned with a project that isn’t in ASWF, but we needed to marshall resources for the good of foundation members and projects. Maybe Qt is similar, work could be done surrounding it. But as usual, it needs someone to step forward and take ownership. Carol: we could set up a general interest meeting on ASWF calendar and publicize that, see if enough people show up to submit a WG proposal. Would have to be drive by current members, but would be happy to support it.
  - John: any infrastructure things projects need: hardware, tooling, build targets that projects need? Larry: seems a no brainer to stand up a limited time WG, can turn into a longer term WG (back to Qt). Carol: at least a get together to write out the problems. Larry: if one of the DCC vendors at the nexus of maintenance and licensing might be in a better position to coordinate it, rather than studios using it internally, and may not see all the issues. Rebecca (chat): WDAS may also be interested.
  - Carol: keep thinking about 2026 priorities, the poll last year was helpful, came up with lots of ideas, many remain to be tackled. May not want to add a ton more to the list, will want to look at priorities throughout the year as to what the TAC can be helping. This is what these meetings are for!
Carol: make sure you don’t filter all your GitHub emails to spam, since we use GitHub issues to communicate.
Yarille: OpenPGL project vote has 17/28 yesses, so if you haven’t voted yet, please complete, but we have 17 in approval, just waiting for a few more people to vote. Carol: usually we try to get these done quicker, but it started just before the holidays. Please vote, we would like everyone to vote. My expectation is that you should vote on everything as a voting TAC member. Usually our timeframe is 2 weeks, we’d like not to have to chase down people. The LFX system is quick, and you can vote abstain if you want. I’d rather have an abstain on the record than a no vote.

Next Meeting Agenda

General Updates
New Project/Working Group Proposal: New Project Proposal - VUE and PlantFactory #1059
Annual Review: D&I Working Group #473