BRIDGE: https://zoom.us/j/661303200?pwd=TFdRd0c2MTJUem8xa252UGJHTE1Mdz09
Passcode: 209247
We will start our meetings by mentioning the project's Antitrust Policy, which you can find linked from the LF and project websites. The policy is important where multiple companies, including potential industry competitors, are participating in meetings. Please review and if you have any questions, please contact your company legal counsel. Members of the LF may contact Andrew Updegrove at the firm Gesmer Updegrove LLP, which provides legal counsel to the LF.
Attended | Proxy (w/ @name) | Holiday | Did Not Attend |
---|---|---|---|
...
Time | Agenda Items | Presented By | Presos/Notes/Links/ |
---|---|---|---|
60 | PTL Updates: Integration | | |
30 | PTL Updates: A&AI | | Removal of "sensitive information" - FW: IT-22177 AAI Cacher Git History Removal |
10 | Release Status | | See weekly release management update. Chaker Al-Hakim need your attention on these issues. Please attend the Honolulu retrospective at next week's Dev & Test Forum! |
5 | RelEng/Infrastructure | | |
5 | Subcommittee Updates: Arch, Ctrl-Loop, Lab, Modeling, Seccom, Requirements | Chaker Al-Hakim | Status of Istanbul Arch reviews |
5 | LFN Cross-Organization Updates: MAC, SPC, TAC, EUAG, LFN Board | Brandon Wick | |
5 | Task Force Update | | |
10 | TSC Activities and Deadlines | | TSC 2.0 Kenny in the process of translating the agreements into a version of the Progress on ORAN SC/ONAP Formal agreement (Ongoing) |
5 | Upcoming Events & Housekeeping | | Kick-off Honolulu Awards pretty soon; 2021 LFN Developer & Testing Forum June - Register to LFN Developer & Testing Forum June; Proposals: 2021 LFN Developer & Testing Forum June; January DTF: virtual or F2F is best?; ONESummit - October 11 - 12 - Call for Proposal - Deadline: June 20th, 2021 |
Action Items
Zoom Chat Log
...
06:56:53 From Kenny PAUL (LFN) to Everyone : #topic rollcall
06:58:58 From Alla Goldner to Everyone : #info Alla Goldner, Amdocs
07:00:10 From Ranny HAIBY (Samsung) to Everyone : #info Ranny Haiby, Samsung
07:00:19 From Fernando (Fred) Oliveira to Everyone : #info Fred Oliveira, Verizon
07:00:24 From Dong Wang (China Telecom) to Everyone : #info Dong Wang, China Telecom
07:00:31 From Jason Hunt to Everyone : #info Jason Hunt, IBM
07:00:40 From Timo Perala (Nokia) to Everyone : #info Timo Perala, Nokia
07:00:47 From Catherine Lefèvre to Everyone : #info, C. Lefevre ATT
07:01:01 From bin.yang@windriver.com to Everyone : #info Bin Yang,Wind River
07:02:34 From SaiSeshu MUDIGANTI (Huawei) to Everyone : #info Seshu, huawei
07:02:37 From Eric Debeau to Everyone : #info Eric Debeau, Orange
07:02:42 From Srini Addepalli (Intel) to Everyone : #info Srini Addepalli, Intel
07:03:11 From Yuanhong Deng to Everyone : #info Proxy of Lingli, China Mobile
07:04:16 From Ciaran Johnston (Ericsson) to Everyone : #info Ciaran Johnston, Ericsson
07:12:23 From Morgan Richomme to Everyone : seccom has a repo: https://git.onap.org/integration/seccom/tree/
07:15:06 From Catherine Lefèvre to Everyone : can you move to update mode so people can see the notes? thanks
07:15:10 From Catherine Lefèvre to Everyone : @Kenny
07:25:05 From Morgan Richomme to Everyone : https://docs.onap.org/projects/onap-integration/en/latest/integration-missions.html
07:56:25 From Olivier Phénix (Bell Canada) to Everyone : I was asking the question because it feels like no matter how much we try to trim down the role, the integration PTL/team always acts as the "default gateway" for anything that is cross-functional (as Morgan is explaining).
07:59:28 From Olivier Phénix (Bell Canada) to Everyone : @Morgan your analogy is bang on with the SREs, and the same happens: they end up being involved in everything and being the default "go to" people for everything that does not fall neatly in the responsibility of a team
07:59:40 From Olivier Phénix (Bell Canada) to Everyone : This is one of our struggles internally as well
08:01:56 From Jason Hunt to Everyone : I don’t have enough expertise on this to prioritize tasks, but I would suggest expanding on the tasks listed here. Could we have each one written as a mini job description: tasks, skills required, expected commitment? That might help people decide if they could help pick up some of these tasks.
08:03:36 From Olivier Phénix (Bell Canada) to Everyone : My apologies, I need to drop a bit early today, need to take over from my wife to take care of our daughter who got sick
08:13:17 From Sriram Rupanagunta to Everyone : Hi all, it was not clear if there will be time on the agenda for the Docs update. I can give a quick update here and follow up on the email if needed. We basically completed the pending items (which we reported in the last update), and all our changes are merged in either Guilin or the master. The last change which got merged was vFWCL deployment tutorial, and here is the link: https://docs.onap.org/en/latest/guides/onap-user/vfwcl-deployment-tutorial/index.html
08:29:17 From Catherine Lefèvre to Everyone : sorry Sriram - I was not expecting to open a big discussion. Would you be available on June 17th. I will ensure we kick off this topic prior M2 Istanbul? Is it acceptable?
08:32:02 From Timo Perala (Nokia) to Everyone : Apologies, have to leave the call now.
08:34:03 From Amar Kapadia (Aarna) to Everyone : Yes Sriram or I will join on 17th.
...
Zoom auto-transcript service - These are often translated incorrectly and can be misleading. They are NOT Authoritative! Information as to why .
They are included here as a time stamp cross-reference for the recording only! The notes above this line and the actual recordings are authoritative.
07:03:45 Okay, the recording has been started.
07:03:59 I have the transcript going transcript is right over my
07:04:05 stay muted, unless you're speaking. That way we don't hear the kids dog lon more annoying neighbors.
07:04:16 The fact that you're actually streaming a YouTube video, and all of that.
07:04:22 Well if you're on the phone you can use star six to unmute yourself if you send me a private chat message it'll become part of the public record.
07:04:29 When I cut and paste everything into the minutes.
07:04:36 Here, and as always, we'll start our meeting by mentioning the projects any trust policy. You can find this link from the elephant project websites policies important or multiple companies, including potential industry competitors are participating in
07:04:47 these meetings. Please review if you have any questions please contact the company's legal counsel, members of the lF may also contact Andrew Grove from gizmos appt Grove LLP which provides legal counsel to the lF.
07:05:09 When the agenda wise.
07:05:13 Want to talk about integration. We have a request from the AI team that we need to discuss release status, David got the links there. If you have any questions, real edge if needed.
07:05:33 We should be covering the view of the documentation so WC if there's any Mac SBC UAG or updates, things like that.
07:05:49 touch on the task force to see to Dotto I will
07:05:56 just mention that quickly. I'm still going through the
07:06:02 doing a red line of the existing community document, and then once done I will post that for an email vote.
07:06:11 And then talk about the developer event anything else anyone needs to ask.
07:06:21 Talk about.
07:06:21 Okay, if we have. So, Kenny this sugar if we have like five minutes at the tail end of the meeting, I'd like to give an update on where we are with the architectural reviews for the sample release.
07:06:37 Thank you.
07:06:40 And I know it's in the, in the agenda.
07:06:44 I also want just to thanks again Timo no honey to be or elephant even representative.
07:06:51 And everything is ok for next week, honey and demo.
07:06:58 As far as we know, everything is scheduled and an application to the presenters went out.
07:07:05 Presenters Still have questions, please feel free to reach out to Tim and myself and we'll do our best to help you.
07:07:15 Any questions from the team to Team oh no honey, all good, as well.
07:07:25 Okay, so let's kick off the agenda.
07:07:30 Just a reminder.
07:07:32 After three good season three good release McGann notify us that they would like to sit down, as the integration of BTL.
07:07:43 He has extending it Monday up until mid June, so it's still helping us behind the scene.
07:07:50 And we decided with the TC that we should indeed have you the scope of the integration team to assess what we really need to do to move forward, because we recognize that the integration project has been adding significant value.
07:08:08 Since the inception, and particularly over the last three days with lot of getting automation improvement
07:08:18 driving us to the next level of quality.
07:08:22 So, we don't see a lot of updates, and I would like to take at least 30 minutes on this bridge to finalize what the expectation of the own up to you see with the remaining committees and contributors.
07:08:40 For the integration project.
07:08:42 And based on that we really don't define the type of profile that we need to support the integration team.
07:08:51 And I think you're posting at once more to see if there's any company would would be interested to lead the integration activities based on what we are defining know if you're interested, it is your ends of conducting us, because we really need to fill
07:09:12 up this gap
07:09:16 through open for discussion. I think any is no sharing the school. Right.
07:09:24 Oh, four items, and also other consideration.
07:09:28 Because the integration team was doing much more than what we sold the consideration we can have a quick save you.
07:09:38 was that maybe some integration activities will be delegated to one to the security subcommittee, especially to update and provide some feedback on the security test.
07:09:54 Another aspect was to update the recommendation the weaver that we receive it already in place, or a bulldozer needs, and provide baseline image, a recommendation as well.
07:10:08 Okay.
07:10:10 We continue to rely on our use case requirement maybe I should change the terminology because now we are speaking about you skate feature and spec.
07:10:22 We define what was we had what was the expectation of the use case feature spec lead. It means when you have a one of these requirement we expect that you deliver automated tests and you have all the testing, they have dedicated staff for the requirement
07:10:41 owner to track the testing activity. So somehow it's already in place, but I know the integration team was also summarizing the activity for minutes I see, there was a request to LA to manage repository.
07:10:59 I mean, especially when we have new computers, or when we have commuters who are disappearing.
07:11:05 And then the CA management Jenkins was originally old fully supported by the end of it, then later on some integration members, was also interested to build some drinking drill.
07:11:20 So we probably will go back to what we did before, and let the fit, managing the, the CA management project.
07:11:31 There was also the concept of hosting the baseline because the sitcom has not really any repository.
07:11:38 And just a place where we all the baseline.
07:11:43 There is a note here because discussing furthermore with some sick gum representative.
07:11:49 We were thinking to also discuss this topic at the task level.
07:11:54 The reason is we are probably all using the latest jog of his shirt. Bobby all using the latest Python reference.
07:12:03 And we wanted to see if there is a way to normalize across all the open source projects, it's a it's a suggestion. So Amy nicely with or elephant no commuters representative will bring that to the tech team to design it just to give you an observed.
07:12:25 And we will also have some discussion with all the project team so it's not only a know nap concern, it could be broader than that.
07:12:33 And in find any.
07:12:38 Something that you were already doing partially as part of the ppl Cole.
07:12:42 The release candidate resting version tracking my apologize I don't know what it was before because it's also, it's already David, with mon shining sec one sec to whatever as part of the planning, and the task on the sign of also something that David
07:13:13 is doing so. Have you any question concerning the consideration the suggestion made by the integration team before we look at the four items on the list of remaining critical activities for the integration team.
07:13:31 Let me just some precision so just to mention that second as a repository so that's where all the recommended versions are on where all the waivers are our store.
07:13:43 So they have one repository today, and the 7.7 precision is regarding the version tracking.
07:13:50 What I was mentioning here is that I have to check regularly especially when we're coming close to the release the reality of what is deployed so I know that David's creating rest of JIRA for the milestones and we have all these verify readiness Docker
07:14:09 version, but that's only declarative sources.
07:14:14 I spent, I used to spend some time. Just checking that what was said in the jar was a rarity and it was not always the truth, meaning that there is a massive gap between what is plan on what is really into ready so for that we have in our daily job and
07:14:33 we are able to a snapshot also took action.
07:14:37 But, to see if everything has been delivered, we need to compare to what is expected.
07:14:43 And that also we can see that some projects.
07:14:48 I've noticed no change since one or two release what can see that concretely in the console. I plan to improve that to automate that because as we have the daily version of the Doctor, what is missing here is a sort of dashboard, just showing.
07:15:05 When the fashion are changing now. So some things that would be helpful but that would come directly from from the code. And so far with as was doing is, I was just using an Excel file and I was reporting observation from the test to excel file on was
07:15:22 comparing def today if things were changing on the twist quite time consuming, but it was really, really striker the vessel tracking based on the color.
07:15:42 But it was really, really striker the version tracking based on the color.
07:15:42 Okay, I'm trying to. So, I've tried to update, based on your feedback Morgan thank you so much for the clarification. So, is there any additional concern or above the consideration because I think it will already ease the life of the integration team
07:16:04 and I don't think that these guys really, if we split it is really an override.
07:16:12 And I want to be sure that people feel comfortable with it. So I want to make sure that the community as an opportunity to update but I definitely have some, some comments on this.
07:16:25 I wanted. When I read this and Morgan see whether it's a good analysis but I'm trying to understand so there is a suggestion to move some of the responsibilities to set Carmela fit in the release manager, but they haven't heard from Amy, Jessica and David,
07:16:43 David, if they're willing and able to assume these responsibilities. I mean, as long as it's covered. I personally don't have any preferences, whether it's the integration team or second, I love it or Beijing, but we need to hear from them.
07:17:01 Just to remind This is a complex, this was this was a proposal, because when the TC joined the integration meeting.
07:17:11 They saw that their computers in integration today, several kilometers. So, that's how the project without computers.
07:17:20 Several computers so that's how the project without computers. That's a project with computers but as we have lots of task and people don't feel confident to to be the PDL because there are lots of things to do.
07:17:32 And the suggestion here was more to say okay we can probably decrease the load on the shoulder of the, of the integration period, especially that some of the test I mentioned here, and not necessarily pure integration Tasker, and it caused quite a lot
07:17:52 terms of timer. And if we could, for example, I was just mentioning mentioning regression tracking. So session tracking looks like something for the reason manager but so far it was mainly based on the GR, and the declaration, then it will require to
07:18:08 do extra processing, we try to automate that but if it's a domain of course it will be easier I know that very frequently, David was mentioning the link, it was to have a dashboard or a timeline, regarding the evolution of the score.
07:18:22 But typically, that kind of sin could be offloaded and not necessarily integration picture that has to check all the Russian inside the Docker on all the day.
07:18:34 And I agree, for example fit as a proposal.
07:18:39 The management of the info channels at something that is imposed by zoom.
07:18:43 Just tricked you on the way we are working today.
07:18:46 And one of the problem of integration project is we have more than 2020 repository.
07:18:53 And we have no notion of heritage.
07:18:56 In terms of rights. It means when I want to add a new computer when I want to remove a computer I have to, to, to create 20 commits in order to a Mondrian for the camera on to 1220 workflows.
07:19:11 So it's very time consuming. If you look at what is done in GitHub GitHub organization, you have a notion of group, and then it's a couple of Christian have managed to create and to irritate all the right from report to the group, it depends.
07:19:27 So these kind of things of course we can do that same for the Jenkins, ci we were asked by lots of. We are still managing from hoses she is it tests, we have saved since I sent to the options that we would like to see this code, which is not integration
07:19:43 but functional tests, being managed at the project level, because we have no added value to do that.
07:19:50 but it's still not done for all the project. So it means that regularly so that last time it was a less a step down from from the project but we had to clean up all the repository because we were still testing Casablanca because people are not taking
07:20:09 care of that because they believe it's integration, and it could be also a flooded. I'm concerned No it's not, it's functional test from the project, it's up to the project manager, so he has that was just proposal you know to reduce the scope, because
07:20:22 I think historically integration was doing lots of things probably too many things, corresponding to different possible projects with my devices a little bit, but I agree.
07:20:33 It's not easy file fit.
07:20:37 It's, it's, I would say that okay we are not just providing a service we we don't really look into the range of the project. So, what does it mean we can create a ticket on just update to 20 repository for me.
07:20:51 We can do that.
07:20:52 I'm not sure it's the right way but at least it will reduce but even with that.
07:20:59 That's what I said to Catherine last time. I'm not sure that regarding the scope of the project, and the fact that this position requires real full commitment, not a 200, foot view I'm not sure that from my existing computer, any of them would take the
07:21:24 position because they are integration is on the 50 maximum of their agenda is to kind of be fully committed, and then to problem for them.
07:21:29 Yeah. Thanks for clarifying Morgan and those are my colleagues and I talked to them and I know they came up as you said take this responsibility because of the scope, but again, my question is whether the things you're supposed to offload to set Chrome,
07:21:57 is there some confirmation from the second that they're willing and able to take this responsibility. that's my question. So that's why my discussing.
07:22:16 Good question with Sonia proposer from the, from the GC on your right, we must have agreement from from sick gum and if it on those us but if we believe, as it Yes, Jesus is a good recommendation solely up to us or so to, to go to watch this proposal.
07:22:24 Yeah. Okay, I see your point I mean, again my person, personally I don't mind whether these tasks are, as long as they're handled I'm okay with it, but yeah that's open it up for discussion.
07:22:37 Sorry, I got my clarification Thank you know, if we know if we believe these stuff, have not needed. We can always tie them but the way this position was visit one considering already some advice from the integration team and, in particular, Morgan with
07:22:59 a good view of what's going on.
07:23:01 And then the floor for items.
07:23:08 Again, it's only an extract of all the activities that have been before. We need to be sure that we only need that, or did we miss something. So it's really open for feedback, we have to define the scope and then again, see if it makes sense or not.
07:23:26 So now I'm going back on the four mission, under group.
07:23:41 I've had it.
07:23:43 If I remember the last line, because I get some feedback from project team that the integration team had the whole to provide the last month to support the use case feature.
07:23:57 So that's the changes.
07:24:00 If we compare what I was publishing, more than one week ago.
07:24:05 So first of all, is any feedback about the, the full mission under code, or is there already, a concern.
07:24:22 Does it make sense.
07:24:27 Just to mention that in the official integration documentation I think since it was released, there is a section dedicated to the missions I think released more than that but of course it depends on CSE to to decide what other minimum missions.
07:24:43 But we released. So I need to find a link. I can provide you with this I think even more on that.
07:24:53 Fine.
07:24:56 Yes integration missions.
07:25:00 Yeah, not so many but we have. Yeah, i would i would put into the chat.
07:25:04 So that's been a crazy section for for Gilliam.
07:25:12 And that's particular but buys a few items to your mansion.
07:25:16 Maybe one path, which is not mentioned here but it's not so critical. He says that we are creating also tests on.
07:25:23 So we are developing test.
07:25:25 So the use case are developing use cases. But since three releases we decided to develop use case specifically to validate on episode.
07:25:36 Until I think from thought we were validating or app on the through the use cases. And thanks to the check the default the checks that were used, but it was decided to create a set of basic tests that were checking for examples onboarding checking those
07:25:54 institutions, using the academy pm and using my Colby pen. So some things that are not really use cases. But that check on, give some trust for stability.
07:26:06 If you don't, and some components. And for example, add to clump path for the design of the loop, which is intact was pretty soon DCA.
07:26:16 This time on all these basic tests are simple test dedicated to an app.
07:26:22 We are using it for ci, because sometimes use case, a bit complex with this case of course we use case to you know to automate as much as possible. But the reason why use cases.
07:26:34 We are not presenting just a chance is usually because they use cases relatively complex recall simulator emulator specific environment. So it's not so easy to fully automate and that's why we decided to develop our own test cases in order to cover what
07:26:52 we believe it's critical. And since Frankfurt we increase them and if you look at this as it is today. We start with only one or two to test on today we have better coverage of course it's can still be improved unfolded with developers who SDK, that is
07:27:09 used in order to create a test so we have also really a an activity of test creation.
07:27:16 That could be easily split, we could have a project dealing with internal test integration we just do this integration, but be aware that among my committee us today from Matt, a former competitors.
07:27:30 I would say more than 50% out today, creating developing tests. In order to validate on up.
07:28:09 So,
07:28:12 I guess, let me shift gears a little bit and talk about the suggestion related to the elf.
07:28:23 it's absolutely clear that the work that is being done in context of integration and in the context of the responsibilities of the integration ptl are extremely broad and need to be somehow distributed.
07:28:48 I mean, the work that Morgan's done the work the integration team has done is has just been outstanding.
07:28:54 And the everything that the job that the integration team has come to represent needs to be somehow better structured.
07:29:11 With regards to just shifting workload, to the lf I don't, I can say, you know, very directly, that that's not the direction the governing board wants that's not the direction the strategic planning committees is interested in the, you know, the community
07:29:37 picking up responsibilities, is how we should be going one one board member actually referred to the lF is being used as a crutch
07:29:51 by the community so I appreciate how it seems like you know the load getting shifted to the lF would be the thing to do.
07:30:03 but it actually, it absolutely goes counter to what we as a global community should be doing the work needs to be picked up, should it be picked up by the lF, that's a question that would need to go.
07:30:21 Be escalated up the chain
07:30:25 and but before with Kenny.
07:30:30 I know when I'm not.
07:30:32 I'm not saying that's the next step.
07:30:34 Yes. So I want to be clear, I'm looking at that, at the escalation level because if we don't know what to expect when you own the de escalate. Right. So, we are eating today.
07:30:48 So, we are 18 today. Soon we will be 22, tsp members, right.
07:30:51 So there are really opportunity for the TC member to play a great role as part of your opportunity you see, it's time we take a little bit, there is an opportunity to do better.
07:31:04 But today we are 18, minus four, or minus three, and I forget to go. So, out of the 200 cc, what do you think that's really might be back because I don't want to continue to drive direction on my own, right this proposition has been sent more than one
07:31:22 week ago.
07:31:23 I would like to know.
07:31:25 Are we going in the right direction or not today.
07:31:35 Again concern I think Kenny touched on the point that I was trying to make.
07:31:52 It's nice to make suggestions to offload things from the integration but if the suggested party that he was supposed to take that responsibility is not able to do so, or it's not part of your dirt, kind of jump statement or whatever.
07:32:01 Then, we cannot do it I mean we need to have to find the party that is willing and able to take this responsibility.
07:32:10 I understand, but the first question we need really to answer.
07:32:14 Have we do High School.
07:32:16 Okay, maybe I kick off this conversation wrongly, because I was highlighting the consideration.
07:32:23 Do we need all of these things in on the speech, including what we have assigned to say calm and if I didn't use the manager does the first question if you don't define the scope.
07:32:33 We are may be discussing India.
07:32:40 So what can we remove.
07:32:43 What do we need.
07:32:48 maybe we don't need all of these things.
07:32:51 And we are discussing.
07:32:54 I mean repository management that's, that's a given that's required.
07:33:04 It's only one repository. So, no there there's,
07:33:12 there's a number of integration repositories.
07:33:20 I bought wildly depending on what you say so I don't know we tried them I was the baseline in mind, nobody's talking management, it's,
07:33:31 it's only adding and removing people.
07:33:35 Right, so
07:33:41 we need to create tickets anyway.
07:33:45 Potentially for that.
07:33:49 Well, no, that's that's the whole point is that automation and everything has been put in place, or projects to manage it themselves and their computer.
07:34:11 the major issues. We need to face and I see the four points you identify the Katrina yes we should agree on is that the TC first.
07:34:22 Because, as far as I understand, integration team here as a response to the responsibility to, to set that
07:34:35 one up solution end to end solution is working fine with us and it's very hard to keep this responsibility on the first two breaths.
07:34:54 Number one, two and three are keys to positive.
07:35:15 Folks are trying to talk, we are hearing nothing.
07:35:31 I'm just wondering how we should address this thing I mean those are the things that the integration team is doing and has been doing and we have a surgeon, really good quality of software coming out of a phone app, but if we start removing some good
07:35:47 things, then obviously will have lower quality software or we will be more challenging to release the software, I'm involved in another project, which I won't name not under the ls that doesn't have many of these things in place and surprise surprise
07:36:04 the quality of the softer is much worse than older, so I'm not sure that I know how to make that decision. I mean, we can prioritize maybe the things, maybe that could be one approach and say what are the must haves what are the nice to have right, what
07:36:23 are luxury or whatever.
07:36:24 Maybe that's a good approach and then we can, you know, cut it where we have the resources to handle and give up some of the things that we don't have the resources to have.
07:36:44 We can do it.
07:36:48 Honey, I think what it is on the stage is the must have.
07:36:53 But if it is, if there is something which is not must have, we can delete it.
07:36:59 What it is not on this page, which is already done by the integration team will become a nice to me.
07:37:12 Because when I agree with you and Steve, I just want to point out if this is already cut short of what integration team is doing.
07:37:19 So I would say this is bare minimum which is most critical for us to actually have it. I mean I agree with you totally that without this bare minimum points I think the stability of one app because on app is a memo that we are trying to fame right and
07:37:31 without this it will be still more tougher.
07:37:34 So prioritization within these four points if you mean, or you're talking in general, and I just want to understand your situation before.
07:37:42 I was trying to understand what is the, the TSA is asked to do here I mean if we say that all these are bare minimum. So, the discussions in the discussion is who should do that but I think country and positioned it as let's see if we agree that these
07:37:58 are things that should be done but if you're saying everything listed here is the bare minimum. Then let's discuss on how to share the load between integration CENTCOM ILF and whomever.
07:38:16 And that's what I'm driving on the fight is it this quick minimum.
07:38:21 And the rest is nice 12 or do I miss.
07:38:28 Do I miss the big box. Right. But that's what I'm trying to establish the school before we we establish the scope I understand that maybe sitcom The release manager at fit with put back, whatever.
07:38:38 But let's at least agree on the minimum scope and everything on top will be kudos to the team and nice to me. But I want to be sure I'm not missing something, which will degrade between owner Luis tombola Kelly Key will go 50 performed on, right, or it
07:38:59 will take, not only three months, right to stabilize it will take six months.
07:39:05 Okay, so that's what I'm trying to assessing on defining based on what I've understood from Morgan from the team from the project team, because I've been talking to a lot of people somehow.
07:39:20 That's my, my best proposition, but again, I'm not the only one to make this proposition and.
07:39:29 And if you have no idea so key as well but let's have an alignment ltse at the minimum.
07:39:38 I think that the first four points over to the stadium, what can you encourage me there is something that's just missing because I'm also be killed so I understand the criticality of it and I am already direction with instruction to follow these things
07:39:50 without them it would be really tough. I agree with Randy statement before where he said stability is critical output of integration d.
07:39:59 So, I would say personally that the first four points are bare minimum.
07:40:02 That's for sure to be with the integration team again I would suggest it to be for integration team. I'm not here to command anything or demand anything from anyone here.
07:40:11 But I would say what your food is pretty good on the first four points ecommerce something which we can actually have ads on it maybe me and we can actually come and more on that, and the remaining things that seems to be okay.
07:40:23 From what we do.
07:40:26 I think this this is I'm going to put it in short, I think this is a good split.
07:40:30 If anything else is missing on the first four points maybe Morgan can actually comment for Morgan over to you for that.
07:40:45 Lovely there.
07:40:45 Yeah, I'm here, I'm here, I say, Yeah, I don't know for sure.
07:40:53 We need to guarantee quality of the release so that's the main point that are listed here. The makers of the mentors is also quite time consuming, but today you can see with the Wind River labs.
07:41:07 We are in the middle of I don't know precisely so so that's that's our but we are also maddening as a staging labs, which is used, specially when we approached the release of the time or so to create user and to maintain and to redeploy, even if we were
07:41:22 to mess it up since it was so important, especially for for the project, as you did for us so we know ingredient we need also to maintain this activity because otherwise, it means that we will will be blind a little bit beyond the automation chain we
07:41:43 have so I think it's important. I think the testing is also important for me to lose stabilize a little bit on.
07:41:48 If we just seem to what happens, regarding the issue we used to have.
07:41:55 I think the basic tests that were able to detect some regression so we need to adapt them or two, because we can see that there's a project.
07:42:05 They have their own account, but it's not enough to cover so that's why it's important to our for some testing pattern.
07:42:12 I don't know what is difficult to yeah the world is a bit, you know, each video has lots of things to do that's that's for sure. Integration also an integration problems that we are fragmented around lots of things.
07:42:28 So, the problem is that we are fragmented around lots of things. And that's why I say we need a full time job so we can we can reduce the scope but you know we are playing the fireman all the time so we were trying to to just cool down when it's possible and we started on your thing so so that's why it's
07:42:43 it's relatively existing.
07:42:44 And that's why I think all companies that are at the TSC, and that are using ONAP in production or wanting to use ONAP in production. We should have sort of yeah we should turn we know that AT&T already.
07:43:01 So Brian was a PTL for few versions, at the beginning. So I did that for free versions, probably we should share another sort of, I don't know. We should turn with people who are candidate to use it.
07:43:17 And as I said for this next release what I said to my computer, I was ready to to really add them at least during the transition. During one release, because I know that it's quite a Navy worker, and so I was ready to be present, but not to do everything.
07:43:35 and the 2033 version is good because I saw that you are totally, totally existed. But I think the approach would be more to to find a way to dedicate one person because it's important and I think it's better to have somebody from the community rather
07:43:49 than relying on LF staff, because I think it's better to our end users and people will try to put that in production.
07:43:58 So I, but regarding Zi time say i think it's it's medium today if we want to release, we need to really check carefully, the date he says no regression, we need to create the GR when we sort of the regulation.
07:44:12 We need to perform. So, 72 hours it's a bit historical, but we must perform stability test for sure. And we can see today that the stability test shows that we are not really stable, we used to do very like stable stability tests.
07:44:28 In the past, we start doing some things that looks like more production ready stability test we started testing, but we need to keep that the probe is because we were able to detect lots of things and we just started the tuning of the database.
07:44:44 Recently, because we are able to run regularly the stability test, we need to continue with one to have something ready production ready.
07:44:55 The ci chance automation for the use case fully integrate today, because as I said so you guys are quite complex. So that's why we have to develop later tester, but we are in touch with the use cases because I think especially for the use cases that are
07:45:09 there for more than two or three releases. So it's a major use cases on the 5g say seeing Zm done so, I think we start already the journey for the automation but he of course, he will take several releases, we already started, we start getting the test
07:45:28 case now. So, it's about developed drink or no Lulu. So the idea was to start with doing something in Istanbul and probably mine check out that to have samples that run with the Russians.
07:45:41 So that's also, I think, important if we want to, to offer ONAP out of the box with samples that can be easily replicable and I think that's really very important to promote ONAP.
07:45:54 Regarding the 5g context and also the discussion we may have that's really the path we should focus you, if we want to go further in terms of marketing.
07:46:04 And I said earlier that we have lots of admins, seeing some so.
07:46:09 So, second.
07:46:11 Frankly speaking, it's that's zero that 2% of time is only thing is really discuss with Amy is just, it should be more straightforward. It should be done directly in the repo so it's supposed to be have an interaction directly with the code.
07:46:27 Probably is most difficult is a baseline recommendation, but it's really I think it's even if we do that, we will not save a lot of time and fit so that the distribution, we can save sometimes significant of for the moment I'm for example, just postponing
07:46:43 my update of info channel because I have one Committee, which I stepped down as two new computers I need to do that but as I say, I need to do it, 20 times.
07:46:54 And so, it's two or three hours of my time.
07:46:57 And then we will have some issues getting it and we will have some conflicts and.
07:47:08 Okay, so that's possible so it takes me a lot of time, regarding the idea that I say bye. I understand what Kim said when you say because that's not the direction, but then there's a problem we have here is that we didn't choose the tools and the tools
07:47:20 that are working.
07:47:22 They have been improved quite a lot and thanks to Jessica, and our team, so that we have lots of automation now, but stealer. We're getting what we can see in other contexts, such as github.com or Keita.
07:47:37 There are lots of work because they are feature that I'm missing.
07:47:42 And then instead of three hour it could be five minutes, but if you have to spend three hours of course it's a lot of time we're getting all the activity you have to do so, if there's a place to to to, for example, if we would under us github.com for
07:47:54 things. We will inherit it automatically syncs on will stop adding that but it means adding to system so it's another story. It has been discussing tag for more than two years but I think there's a progress, a marginal in this topic.
07:48:09 So I think, you know,
07:48:24 that out of the four points as a point before is where we don't have control because the lab is not in the control of the ONAP team, right? It physically requires someone to go and sometimes do something. So that's where I see a dependency which is required
07:48:26 maybe we request
07:48:30 With regard to the lab, we can we ever see anything you need to bring in.
07:48:43 You got it, thanks thanks thanks.
07:48:49 Um, so with regard to the lab, we have received confirmation from Intel that they will be able to provide some hardware to us.
07:49:01 That work is going on in terms of finding a place to physically host the gear.
07:49:08 So Steve I are from the IT departments working on that.
07:49:14 But in terms of managing the gear from a sysadmin perspective, versus, you know, boots on the ground in the data center to take care of hardware issues.
07:49:28 The systems administration responsibilities will still be that of the community and that needs to be figured out. The lab subcommittee is kind of dead; I mean, breathing new life into that
07:49:44 could certainly help with regards to lab management.
07:49:48 Right getting that's a good point you made actually one thing I want to just take us, of all the activities which are listed on, on which were talking about bare minimum.
07:49:55 One thing which I have seen is, there's a lot of dependency on the integration lab.
07:50:00 And unfortunately, people who are not physically present there may not be able to solve that. So that's where I think maybe a lab management asked for something as you said, would be really helpful to have it.
07:50:11 Keeping running and there are two parts to it one is about the lab itself up and running and instead lab, the owner can be managed by the community with that really good way to handle it.
07:50:20 I'm using community documentaries integration team we actually take that part because Catherine to the point for we can elaborate it further.
07:50:30 That, I think there are two parts to it, more than you consecrate me there. One is about the lab itself up and running, and other is actually ONAP being installed in the lab.
07:50:35 So not being installed a lot can be with integration team. Again, as I said, but the lab management itself may not be right thing to be an integration team, from what I see because there's some dependency on the physical presence and sysadmin part I'm
07:50:54 talking about.
07:50:54 Reddit and I'm just trying to pick up the work which I thought was one moment right of course I be
07:51:01 somehow, the way it was done I mean, in the past when we've also Intel was managing the other way on Stephen goose right managing the VM so the OpenStack an integration was just coming after when it was granting.
07:51:15 It was deploying the lab and it was granting access to this particular lab so that's typically the organization we used to have in when we were under staging lab in Asia, something different that we have all the all the automated change so we can easily
07:51:29 redeploy on demand. When the data. So, on the access is also simpler because it just SSH key based on. So we have two legs we're getting some Wind River lab.
07:51:42 That is exactly executive exactly Oh, it was done before.
07:51:44 When I spoke about maintenance year, it was more really what we were used to do. I mean, sir, granting access re installing as a lab troubleshooting.
07:51:57 People have primaries are lots of making sure that use case that running fine, making sure that we use is running fine and also seem to want to make it explicit modern so that if anyone needs it.
07:52:13 Let's be explicit on those things right because otherwise it'll be a nightmare for someone who comes to you that's my whole purpose here. I totally understand what you're trying to say but I'm trying to make it explicit so that it's clear to everyone of us here what is the activity what
07:52:19 is doing, what is not.
07:52:21 And I think the point is can be brought maybe Kenny we can also think about that again, but if there are some takers maybe that's a good point that can be brought up.
07:52:30 I'm not sure if that will go out. As such, but we can still put it Kenny, maybe that's a good session to have a.
07:52:54 I mean, what was the name I forgot, any. That's.
07:52:45 Yeah.
07:52:45 You can have it as a proposal also.
07:52:49 And, and, maybe, maybe, quick a quick question, sort of taking a step back and I guess you're probably the, the person who would be able to answer this the best but do you feel that even with all the work that would have been redistributed or shaved off
07:53:06 the main responsibilities of the integration project, do you feel that being the PTL is still a full day full a full time job because it's still is.
07:53:23 Despite this, sort of work that we're doing, then we're going to end up with the same problem where nobody is able to take on that amount of work right.
07:53:32 Yeah, you're right, you're right. It's hard to imagine that it could be a part time job because every time you you have some space for.
07:53:43 But you have no space because you can either moral stability or so it's very hard to to to say okay will only work part time and data. And you are.
07:53:57 You are contacted by a lot of people we can see that there's for example, stalking, is a good thing to have lots of new contact but we are interested very very frequently but you come up by the sweets important so in order to get to a 12 says a community
07:54:10 but I'm not sure, as I said, for me to it's a full time job.
07:54:15 And we should accept it. So we should accept that. It's a bit painful.
07:54:20 I think we should I would recommend to to to have it too 22241 PDL to be PDF integration during three three releases I think it's a good time to get some rest after that but probably we should share the pain around the people who are actively using an
07:54:39 app, and become the integration, responsible towards the TC under his manager, which we should have one person, I think I would recommend that.
07:54:50 I think it would be the best option because you are in the middle of the game, and if you want to do that properly, probably need to be full time.
07:55:00 And you can read bit of growth.
07:55:03 We can, yeah I don't know if we cannot do that.
07:55:18 Reducing the scope, as I said, I asked the question, to my computer, even six months or almost one year ago I'm concerned where that they were very good in one field so maybe it was some stability or maybe it was they were working on use cases.
07:55:27 But for example for support chain for whatever it seems that is transgressor without surprise it's out to find people for example for the support for the labs are the siia.
07:55:40 Finally, it's hard to find support. And if all the chains, step down, then you are blind, and it's a problem because there is a risk of regulation.
07:55:52 So, we are able to put in place some automation which is automation we are becoming a slave as his commission because we need to take care. As you know, for daily China.
07:56:04 For example, last week about three or four days of Kelso, and it's not due to ONAP, it's due to to raise your GitHub allowed you to an upstream date.
07:56:15 So, you have to be there all the time because it may happen and it's independent from ONAP, but it's all the system that is breaking.
07:56:22 So that's why it's hard to to be on the path to doing that.
07:56:35 But I don't know if I'm selling to a Christian.
07:56:37 Yes, yes, absolutely. And I just wrote a comment in the chat: it really feels like the integration PTL and team is so involved in everything that no matter how we try to trim down the road.
07:57:03 a certain sort of the almost like a default gateway for anything that is cross functional and therefore you have to be involved all the time. And so I don't know how we can get out of this, of this cycle of requiring 100% of someone's working time to
07:57:24 this because it sounds like right now. Nobody has the bandwidth to be able to take that on
07:57:22 your CV. Part of the, of the project but at the community level.
07:57:28 And, yeah, look at the history of the PTA and so ln for us but, Brian on before the person from former where they were also spending a lot of time just to to make everything works but it's really looks like Sarah was, it's a position that people are developing
07:57:45 when you are in the middle of the game as ensuring that installation integration testing is always running well so you are not an expert of any of the components, we are just integrating them but you should be able to detect also also upstream problems
07:58:00 or the other problems, and be sure that everything keeps on running, you know, to ensure the sustainability sustainability of the system.
07:58:07 So, yeah, difficult to say we can create a workforce and participate a lot of committee members can have church, it's very difficult.
07:58:19 But maybe I'm wrong idea and maybe I'm, I'm to.
07:58:25 We could reduce and it was to be okay.
07:58:28 That's that's also a
07:58:35 project. Today, ONAP is also a big project with a lot of components to grow and see that everything is working fine, and I think it's true that we need someone nearly full time because, as much as we can, other programs, anywhere on the.
07:58:54 It says integration PTL acts
07:58:58 PTL acts as a point of contact for many, many PTLs and so on so it's sort of so I sent you to the, to the, to the, on that project.
07:59:09 That is quite it's quite big with a lot of projects on so that's why the integration.
07:59:27 Fact is very bottom up on the next time for another way of thinking because we I know we have tried to use the scope. Right.
07:59:28 But, and I believe if we do less than what Morgan was doing some older scope is less, but I understand also the data engagement. So, if we have two people, two times 50% it's, it would be also okay because we have the time and the backup, or if it is
07:59:48 too much we can have a group of three people, right, we're used to work together and it's free time 30% and I give for 10% India. So, I think everything stopped.
08:00:01 When we defined a minimum scope it's a question also of winning.
08:00:06 Because if we have a group of two three people would like to team up. That will also solve the problem. And again, we have a team of 14 active tsp.
08:00:20 I'm glad that I'm not doing everything myself with them. I'm representing your voice.
08:00:25 Right. And I'm really happy that some of you, you look at different aspects, so maybe we should consider this this walking model, where we have a group of people who are defining the decision.
08:00:41 And then one of them is what Michael takes right depending on on the bandwidth, as well, right we apply the TC modem, to the integration team because the scoop is left so creepy parts of the person maybe will be possible, I don't know.
08:01:02 Perhaps it has been, maybe we can also divide the work, I mean instead of having the same work for all the three people maybe we can also divide the work.
08:01:18 For example, 72 performances was independent activity that can be done by one industry as well as other things can be taken battles mean we can even divide the work into subcategories which are independent, because I'm not be as independent as looks there.
08:01:25 So we can actually have them divided and accordingly we can actually have one person the person who can take up the work.
08:01:33 That's another possible terms.
08:01:35 And we can also remove all the consideration I could see people were concerned about that until we have not defined the minimum scope which is somehow the must have it is difficult to split the category, and to split between different people.
08:01:54 So, you can remove all the blue items.
08:02:00 But we need still to confirm if we remove the blue I lied Lifecycle Manager and blah blah blah. Do we still need to do that. So, so everything's there with the scope.
08:02:27 am reading the.
08:02:33 So, so this week, we can expand the baptism, but every year challenge to find not only one person with maybe a group of
08:02:48 three PP Berg, to, to, to look at the are are the tasks, better laid out in the slide deck.
08:03:06 Their detail they're
08:03:03 sharing that it's not enough. Yeah, no, I'm not that's that was my question if so I'll share it.
08:03:10 Okay, I think we had the good constructive discussion on this goal.
08:03:24 Not yet the past to move forward
08:03:24 is actually, I know some concern was about 100% workload. I'm just sorry I just take one moment if you just go to the thing is, if you actually talk about the 72 hours stability test, right, it's not something that we need to do every day.
08:03:37 Right. I mean, that's, that's something which actually is there. Whenever there's a show something people can actually step in and corrected, but otherwise.
08:03:44 That's something which actually goes on, so that's not surely 100% job if you put everything together, surely it's a hundred percent job.
08:03:50 But if you take that single point and yes that's 100% job, so maybe someone can actually put it as 20 30% of his role and he can take it.
08:03:59 Similarly, the other part where we are talking about integration languages support use case and all that something which actually goes on forever. We will have the community support to actually check if something is going wrong and all that and we have
08:04:13 automation system also in place which can be developed. So that also is not a full time job that be required to be monitored. So if you see the parts of this institution right maybe it's not hundred percent job of individual but if you put everything
08:04:24 together and surely it's a hundred percent job.
08:04:26 So that's something that we can construct to. Right. If you divide and conquer is the best strategy that we can actually picture. If it's possible to have more than one has to involve.
08:04:42 Hello.
08:04:48 We heard you.
08:04:49 Okay, I was not sure what it was connected or not.
08:04:54 Thank, it's something to asset to the two I was thinking about a coupe of people working together or just a bit like a de force right when I see this is from the test for that fantastic.
08:05:14 In we see within the test for the listening piece on lead and people who are also contributing it's not only one person leading everything.
08:05:23 Okay, so, I think I heard all of you.
08:05:29 All the people wanted to share their feedback.
08:05:35 So, let me step back from this concern from one of two days, and make a new proposition. But I really want to see both of the GST because I have the feeling I'm.
08:05:52 So, let's give us one or two days if productive members have a better idea than what has been discussed, let's continue.
08:06:06 There is a meeting change on this topic so please submit your submission.
08:06:16 And for today I think we will move to the rest of the calendar.
08:06:21 Thank you.
08:06:32 Katherine where would you like to go.
08:06:37 You want to do the doc statement of work that's been pushed forward push forward push forward,
08:06:48 if, if, if we don't get to it. My recommendation is that we just have it as an email update and be done.
08:07:02 This is, this is Brandon, I'd probably recommend that we go that route.
08:07:09 Brandon, this is freedom, I'm actually on the call if you want I can give a quick update
08:07:18 on you. Yeah, sure it's Kenny is their time for that. That's what I was asking castle and what she wanted to do.
08:07:26 Okay.
08:07:27 You mean you're getting the agenda.
08:07:32 Okay, sorry I was
08:07:35 disconnected, my mind my brain was disconnected. All right.
08:07:40 Just, just let me look at it. We have been there is a request from one PTL that I would like to serve.
08:07:50 So, let's go quickly to the detail of deep here. Then we move to you, Brandon, I only need two minutes so there were no request from the A&AI PTL.
08:08:03 We have been pushing something which is somehow sensitive because we did it, but if you try to use it.
08:08:12 You will go nowhere. But we have security compliance request for my company to do to remove, even if if you have the information none of you will be able to do it it's more regulation security clearance, that we, we need to establish.
08:08:34 So we have been putting some information in the A&AI, which is completely obsolete so again it exists to be compliant with our security clearance, and the request for my companies to remove the information.
08:08:52 The information will not stop A&AI from working, let's be clear about that.
08:08:58 We can also share the information that it is today so it's just a summer URL that we would like to remove, which was not capture by what I call a gun and therefore we would like to see.
08:09:15 Just to be aligned with or security clearance. If we could remove the information on the file.
08:09:24 Just to be aligned with the company compliance
08:09:31 from the community about this request so does the TSC need additional information about this request.
08:09:41 Yeah, Catherine I definitely need to share the perspective of the LF on this side.
08:09:49 Okay sure the, the content in question was committed to the repository in January of 2019, so we're, we're going a half years after the fact. The request is to go in and remove that artifact from the git repo altogether.
08:10:16 So, the request is fundamentally for us to go in and change history.
08:10:24 In, in the repo.
08:10:26 That is two and a half years old, and it's been through five releases now.
08:10:34 I understand gimme, we have just been called by audit.
08:10:39 Right.
08:10:40 And I understand that as well.
08:10:42 But my concern here is that we have. We're setting a very bad precedent.
08:10:50 If we pursue this because then any company can say well we had an audit and we need to remove this this activity.
08:11:00 LF, go spend hundreds of hours to back this out for us
08:11:11 as is it's been out there for five releases, so it's globally distributed.
08:11:17 I know, and as I said, if you use the contain.
08:11:21 You can do anything with it. It's just to meet.
08:11:24 Okay. That's right. It does it
08:11:32 know it's.
08:11:34 This is my personal perspective.
08:11:38 That's the responsibility of the person that committed the code.
08:11:46 And the person that merged the code that was done two and a half years ago so
08:11:56 the request is to go and change history.
08:12:01 And that runs counter and runs absolutely counter to every basic tenet of open source.
08:12:17 But I can't you cannot. You cannot.
08:12:22 We need to at least make the request right now.
08:12:27 I understand you're making, to be open of it it's also against open source basic. So, we had an issue with your openly the issue with the open community.
08:12:39 So high school is the concern.
08:12:41 Now, if it's a no eternal, and we will be both accordingly to the company, but I think it was all right. At least okay the concern that we have.
08:12:51 Jimmy what is the level of effort to do this, you said hundreds of hours so I was kind of piqued my ears.
08:13:02 Yes.
08:13:07 Sorry, can you repeat the question I was replying to a message.
08:13:11 What, What is the level of effort to back out.
08:13:20 This change.
08:13:22 Well, Ai, we were discussing this with with Ambien, I mean the concern is mostly that the fact that there has been releases made after that so it will have to involve the legal team to to approve this to mandate, this right i mean they, they're rewriting
08:13:43 history itself.
08:13:46 It's.
08:13:48 It should not be that time consuming is just a.
08:13:54 The, the whole politics behind that basically.
08:13:59 Okay, well that runs counter to, then I'm, you know, my apologies, that runs counter to the information that I had that it was a significant amount of effort as well.
08:14:13 Well, it's because we have to we have to involve several teams here, the to approve this and also because a scenes that were releases made after that.
08:14:25 It's basically Gilligan star, our, our politics right.
08:14:36 So it. It probably needs to be escalated to the legal to legal team.
08:14:43 From the perspective of reproducibility I guess it means that you're you wouldn't have a view of what would reproduce previous releases belts, as an example.
08:14:56 Subsequent.
08:14:56 Yeah, so it's it's completely erasing it from history.
08:15:01 I guess Catherine does the request also go to, presumably this file has therefore been included in some of the Docker images and so on, does the request propagate into those as well that have been created from this repository or just to control your repository.
08:15:16 No, it was more the code in the repository configuration file so by default in delegate back to the doctor but I think for the Docker we get.
08:15:29 We might be able to
08:15:33 convince the auditor.
08:15:36 But otherwise it's fine.
08:15:52 Alright.
08:15:54 So are we saying that this, this is a situation that has never kind of come up before because like in traditional security vulnerability, you need to address by fixing the code in the current release but if it's a case where you've got some sort of sensitive
08:16:08 information.
08:16:10 Maybe it's personal information or whatever, you know, is it is there not a way to get rid of that because I mean because that could also be an exposure I think to the LF as well for hosting permissions.
08:16:25 You know considered the private or, or, you know, some sort of security risk.
08:16:35 So he does have come before he has happened before actually.
08:16:41 In, the answer is always the same like okay, if there were no releases made, if they're if the exposure was recent, and there were no releases made after that then yes, I mean, we can help you out.
08:16:53 But the problem comes when there's has been releases happen after that or when the change is really real really old that the history is just way too big up in in time.
08:17:06 So, we have this case before where the history is too long, and we asked the, the author to make sure that they whatever information is there is no longer valid.
08:17:19 And to change it in history but it always comes back to okay if you have a TSC approval, we will do it.
08:17:25 But they never get to that point they always say okay well we'll let me correct it and that's it.
08:17:31 It never escalates further, but the it has happened few times you have happened several times in fact. Yeah, and it's happened previously with own out by No.
08:17:40 Yes. Um, but, it, it, when it has happened.
08:17:44 It's something that was caught, very quickly.
08:17:54 And there you know it.
08:17:57 Hit it was caught very quickly and basically it hadn't been propagated far.
08:18:08 So in this case it was a password that was included,
08:18:17 knowing that the password is has been included. I have to assume if there's been a security audit that that password has been adequately changed.
08:18:31 And considering that it's it's two and a half years back.
08:18:42 Is that the case though that there is a password that was somehow someway left in their code and we want to make sure that it doesn't get propagated yeah yeah but it's didn't get propagated it was it was it was committed.
08:18:58 Before we dropped Dublin.
08:19:00 I say, I say, but it would seem to me though, if it is a password related, you would have to change the password anyway because you can't promise that no one is going to.
08:19:10 Even if you, if you erase history. Right.
08:19:14 Somebody might have a copy of the code and they'll always be there.
08:19:21 Yes. So you would almost have to change the password.
08:19:27 It's not only the password, it will pull the URL as I said, I confirm that nobody can do anything with that.
08:19:37 We are trying for we we have been caused by an audit that has been performed.
08:19:43 And we are trying to address that.
08:19:53 Because we have to do that God, I believe your company are also doing some time audit, bringing the record here because bill was not able to join.
08:19:58 I think it's my right to bring the request.
08:20:03 The minimum. Amy with possible Security Committee at least she get the feedback of the community, right, and whatever we decide, at least we have to lie right that's that was also important that we try to bring the request.
08:20:18 Okay,
08:20:25 and Catherine, I think that the messaging has to go back to audit, to say yes we tried, and to explain that, yes, you can still find this in there but it's, it is not, it's not, it's no longer useful information.
08:20:41 So it's not as if we put it and so I think that from an audit standpoint, so that would be the, the, the two pieces of information that are very important for audit because quite frankly we've had similar problems with non-Linux Foundation GitHubs.
08:20:59 We also probably have to explain what processes have been put in place since 2019 to ensure that this does not happen again.
08:21:09 Yeah, for sure, and we ended up costing of the, of the typical report that we have been trying to bring the concern and ever, an agreement with the open source community but logically we.
08:21:25 It seems that it's a know from the community.
08:21:28 And I think thank you and also the point, the points that you raised Catherine, I think are probably important ones just to have that to just be able to say to other companies who may run into the same problem.
08:21:41 You know why we don't why it hasn't done.
08:21:45 The fact and then to just say, you know, if they get a similar audit here's the things they've done their, their due diligence internally to render this information, useless to a potential hacker.
08:22:00 And also, there have been additional controls put in place to ensure it doesn't happen again.
08:22:06 Yeah, and we can add that to the owner operating principle.
08:22:13 So it's possible to guideline that we don't tell you anything.
08:22:17 So Kenny Will you be able to add that above the open hitting principles.
08:22:23 So at least if another company for to the same issue.
08:22:27 At least is documented.
08:22:32 So, the,
08:22:36 the, the, the policy being put forward is that once in a once in the repo, it's in the repo.
08:22:47 In, in simplistic terms.
08:22:51 If we can document that somewhere, it will be also great.
08:22:56 Kenny right i think i think the point that Jason made I believe it was Jason or, I'm not sure if Karen, or somebody.
08:23:04 Let's assume that we have a security vulnerability let's say we have a Trojan horse or we have a virus in an early earlier version of the code.
08:23:16 Right. We just can say, I'm assuming that we can't erase history, of course, is no longer history it's a vulnerability that would need to be addressed.
08:23:30 I think that's right, Chaker. And I think that the distinction here is that it's your example is a problem in the code that can be fixed. And the fact that it was in an older release.
08:23:41 Well, it was in an older release.
08:23:45 The distinction here is that there was information that could be considered proprietary information or it could be sense sometimes of sensitive personally identifiable information I think that that was, that was what the case here is and I suspect that
08:24:00 those are cases that you have, we're going to have to consider one, one at a time. So, in this case password URL that can be changed internally by a company, no problem.
08:24:11 If we're talking that somehow PII got put so personally identifiable information got somehow put in a repo, that's probably something we have to have a more serious conversation about because yes, it got out in the wild there's other you
08:24:26 know it's been downloaded other people have it but do you, but this Linux Foundation want to continue being the place that propagates that information.
08:24:35 It's a different conversation and I don't think it's relevant to this particular case.
08:24:40 And that's why Kenny I like that you described it as being simplistic. We don't change history.
08:24:46 But there's going to be a we don't change history, except there, you know, there are certain things you consider on a case by case basis, such as PII.
08:24:57 I don't expect that to ever happen and and Ella, but you never know.
08:25:16 when something has been committed and is
08:25:22 when something has been
08:25:26 once something has been committed
08:25:30 to the code base
08:25:35 policy is.
08:25:38 Yeah, you are writing somewhere, can you yeah I guess I can, I was typing it in the chat window but I guess I could do it over in other Windows Server I can see.
08:25:58 I will say, though, that we sorry, we still have to.
08:26:02 It could be different right but if there is a vulnerability if there is a.
08:26:06 If there is a really security bug in the old code.
08:26:11 We as a community we need to figure out what the approach of the strategy would be to mitigate mitigate that prior, the patient Chaker that's where we're so that's one of the reasons that we try to run the scans that we want to run.
08:26:30 You know, especially if we want to do the code coverage testing to uncover these.
08:26:36 In that case, if it is a serious vulnerability, we would want to raise that as a CVE, so that it's publicly, so that it becomes public knowledge, not just something that's known within the Linux Foundation, and then there would be a plan to fix it, the,
08:26:59 And then that would be fixed in a, in some release.
08:27:02 And I think that that process is pretty well is pretty well established we have the vulnerability manager I'm saying I'm saying something different. if there is a really awesome.
08:27:12 Yeah, not saying I'm saying totally something different. If there's a vulnerability in an old release that can cause havoc.
08:27:23 Right.
08:27:24 You just can say and fix it in the next release, you either have to remove that release from the repository, or you got to go back to that release and put a fix in.
08:27:39 So Chaker, that requires that there be resources from the community to go back and fix that release.
08:27:47 I think that it doesn't really matter.
08:27:49 So yeah.
08:27:54 Yeah. All I'm saying is what other communities do.
08:28:02 Typically if there's, if, if the software is in
08:28:10 an actively supported release.
08:28:13 Typically they would go in and fix the vulnerability and all those right you cherry pick it and plug it into each release that is currently under maintenance on, obviously, it would be fixed in the future release going forward.
08:28:29 That's how it would normally be handled if the issue existed in an older version that is no longer maintained.
08:28:40 I'm not aware of situations where folks have gone back in, and, like, brought up releases that are, you know, end of life.
08:28:56 And my parents. Yeah, Kenny and I would back you up on that my experience of going through and looking at older versions of packages that are included in ONAP is that newer releases are fixed, you know, patches are applied so it's a newer say adopt
08:29:12 release, but that the older versions, still may still have the vulnerability.
08:29:21 It's just very clearly document where that where the vulnerability was fixed, and that at this point in time, it's been it's fixed.
08:29:33 I don't know if I don't know if I'm speaking across you.
08:29:43 I missed on that but get your point. For example would be something like Heartbleed in OpenSSL or somewhere I thought from a while back, which I think they did exactly that abilities to see the that was like 2014.
08:29:54 And then all of the projects that included a variant of OpenSSL fixed it in their current branch of the software.
08:30:01 But if you go back and look at it, the git repository for OpenSSL and you can still see the version which would have had the original Heartbleed vulnerabilities.
08:30:09 That's correct. Can you wouldn't go back and change the code, and git repository to erase the history of that version as well I think that's the key difference here, which I was trying to say is maybe batch research after you're trying to say patch on
08:30:25 top of that specific order change the version so but provide a patch isn't it.
08:30:30 Well, I'm not, I'm not actually advocating a fix. Right, I'm trying to describe a case in trying to gauge the response from the community right, it's the old.
08:30:46 The old issue right old age issue of, I have a vulnerability in a release that can be downloaded by anyone.
08:30:59 And the issue is, I mean the question or the comment that I'm making is, if you allow people to keep on downloading every release that has a known vulnerability or security risk, you're basically propagating the problem even further.
08:31:18 So you either have to fix it or you have to stop, allowing people to download the release.
08:31:28 Check in the case can be accepted the release notes for that because release something which is still going on. And we have a section in release notes which actually clearly say security vulnerabilities.
08:31:40 Right.
08:31:40 Yeah.
08:31:40 No, I agree I mean, you're the case you're bringing and I'm sorry if I didn't have to know. It's the biggest thing that we see when we get a notification for Microsoft for upper the default phone thing and they want that you're great.
08:31:46 So, you can always connect on top of it. If it is something in the old code, you know, since we have end of life of the old code that should not be a concern right we, for me, we can always upgrade on top and fix security issue a vulnerability in the
08:32:17 code that can open a breach, or anything. I think we are co reported, and in and that's why the SECCOM was also asking us to be sure that when they find something.
08:32:31 The community with, with the actor quickly as well. So, this concern I think sector we, we, it's more than is under control because we've already defined.
08:32:42 I just need to find the page. But the problem I was highlighted before we knew and we try to document it.
08:32:50 So if any other company sees the same issue, they already knew what we have just discussed, which is it there forever.
08:33:01 Okay.
08:33:02 Does it help. I think we are running the bottom of the line.
08:33:07 So Kenny capture from Hall.
08:33:20 Your feedback I believe the TSC was agreeing on it, but at least you capture your position as the, preventing DNS. And I don't know if there seemed to go home to vote on your proposition with no we don't so so that's kind of the houses and agreed and
08:33:27 I'll take it to email.
08:33:29 take it to email. Okay. No we didn't cover a lot of other items, I apologize for that. My apologies in particular to London and to see her, because I thought it would be five minutes topics I didn't expect a lot of discussion with it's also good because
08:33:48 we are setting the features together.
08:33:52 sacrum I apologize.
08:33:54 We did not touch your items, we might be able to do it on the 17 except if it is a very, very relevant topic.
08:34:02 And I see that David wanted to invite all of us for the only real hip hop perspective of the disco home.