Amir Montazery <amir@xxxxxxxxx> writes: >> There is no "community meetings" other than the informal "stand-up" >> irc discussion that is biweekly. The log of the latest is at >> https://colabti.org/irclogger/irclogger_log/git-devel?date=2022-07-18 >> but generally speaking we are not into "synchronous" communication. The next one is on Aug 1st, it seems, according to https://tinyurl.com/gitCal The Git Standup is currently happening every two weeks at 18:00 UTC in the #git-devel channel on irc.libera.chat and its log can be found at https://j.mp/gitdevlog Coming to it may be a good way to "get to know" some folks who work on the project. > ... If anyone is interested in providing some direction > or help with the source code review, supply chain security, or > customizing a new setup of CodeQL for git, please let me know. All new code (with a small exception) go through the patch review on this list, so reviewing patches posted here and archived at https://lore.kernel.org/git/ with special focus on the security aspect (which is the forte of you folks) may be great. A patchwork instance that captures the traffic can be seen at https://patchwork.kernel.org/project/git/list/ I am not sure what the best place to start in auditing existing codebase, though. Even though linking with libraries that are unpatched for known vulnerabilities and/or are compromised would be a problem for end-users, because we as the project only make sourc releases and do not make binary distribution, supply-chain issues may not be as big an issue to the project. Our friends at the "Git for Windows" project does one for their platform, and may use your help in the area, though. Thanks.
