# 7/11/2019

### Agenda:

* Azure progress
* SonarCloud progress
* CMake refactor:
  * Does it addresses the open “CMake” Issues? OK to close?
  * Ready to document?
* CVE/bug progress
* Google OSS-Fuzz integration?
* Release prognosis, how close are we?
* Review issues needing attention

### Discussion:

* Azure/Sonar Cloud
  * Underway, Christine is setting up account for her own github for testing.
  * Need to create accounts for openexr/awsf ultimately
  * ASWF has accounts to use

* CMake progress
  * Kimball’s got a rewrite up for review
  * Simpler, removed some options, consolidated into a single file
  * IlmBase and OpenEXR are their own projects, using find_package as
    appropriate
  * Added a root “super project”, it overrides find_package using the
    current cmake idiom
  * Added config.cmake files for install automation
  * We will give it a spin, and Cary will write instructions

* Issue backlog

  * Cary’s polling open issues where it’s unclear if an problem still
    exists. If the issue author doesn’t respond in a week or so,
    closing with an invitation to re-open
  * Out of memory bugs could be addressed by pre-emptively checking
    too-large image open requests, and capping the maximum image size.
  * Table allocations could be made on demand, rather than on object
    construction. See issue 245

* Release gate factors

  * CMake rewrite
  * Someone needs to vet the autoconf set up to make sure it’s all
    still functional
  * Security vulnerabilities are the top priority for the next release
  * We can announce an upcoming release at Siggraph, rather than
    rushing to get a release done

* Google Autofuzz

  * Clang tidy - consensus: thumbs up
  * CMake option, OFF by default
  * Sonar - consensus: thumbs up
  * Autofuzz - consensus: decline on the grounds that we take security
    seriously and have invested in a fuzz test that we’d prefer to
    keep investing in.