Passcode: 209247
We will start our meetings by mentioning the project's Antitrust Policy, which you can find linked from the LF and project websites. The policy is important where multiple companies, including potential industry competitors, are participating in meetings. Please review and if you have any questions, please contact your company legal counsel. Members of the LF may contact Andrew Updegrove at the firm Gesmer Updegrove LLP, which provides legal counsel to the LF.
Attended | Proxy (w/ @name) | Gov. Holiday | Did Not Attend |
---|
...
Agenda Items | Presented By | Presos/Notes/Links/ |
---|
Subcommittee Updates: Arch, Lab, Modeling, Seccom, Requirements |
| log4j bug - CVE-2021-44228
Message from Catherine
Proposal:
- Use SECCOM, or form a working group, to scope the issue within ONAP:
  - identify the necessary changes
  - develop a validation test plan, including automated regression testing
  - develop an implementation plan (who, what, when)
  - socialize with PTLs and TSC and develop consensus
- Devote all available resources to implementing and validating the fix on main, including setting aside work on Jakarta, if necessary
- Cherry pick changes to Istanbul and re-test
- Update Istanbul documentation/release notes, as necessary
- Generate a maintenance release as quickly as possible, without shortcutting validation of the fix
Attached file: 2021-12-16 ONAP Security Subcommittee recommendation log4j issue v3.pptx
|
#AGREED the TSC approves remediating log4j as the top priority for the ONAP community requiring immediate action to correct in both Istanbul and master branches.
ONAP Vulnerability Management
Jira: INT-2039
|
- Krzysztof Opasiak will file a CVE on ONAP's behalf (as soon as the list of projects are all confirmed at a minimum)
- SECCOM to present the action plan to the next PTL call on 12/20
- SECCOM will create the JIRA tickets for the impacted projects in order to solve it as part of the Istanbul maintenance release and the Jakarta release. They will track to completion, supported by our release manager, David McBride and the Integration Team (through the Docker Scan)
|
Release Status | | Release Status Weekly Update
#AGREED The log4j vulnerability will mandate an Istanbul maintenance release. The maintenance release should be limited to log4j remediation only.
cl664y@att.com - no changes to Jakarta release schedule due to focus on log4j issue for now. Continue to monitor progress on the issue and re-evaluate as we approach M1 in January. |
RelEng/Infrastructure | |
- Tickets - Open showstoppers:
- Tickets - Waiting on Community:
- Migration Status / Upcoming Changes:
  - Jenkins JCasC Migration
    - allows custom setting
|
PTL Updates |
| - VVP No PTL. No Volunteers.
- VNFRQTs No PTL. No Volunteers.
- Where do we move 3GPP VES specification ownership
- OOM down to one Committer (Krzysztof Opasiak finishing his PhD).
  - OOM PTL please review the list of contributors and identify who from the community to promote
- E2E Network slicing leadership vacancy
|
LFN Cross-Organization Updates: MAC, SPC, TAC, EUAG, LFN Board | | LFN Marketing Update |
TCC / ONAP Liaison Updates |
|
|
Task Force Updates: CNF, Wiki 2.0, ONAP Enterprise |
| CNF Task Force will resume their activities on January 4th, 2022.
Enterprise Task Force will resume their activities on January 5th, 2022. |
TSC Activities and Deadlines | | |
Upcoming Events & Housekeeping | | - LF's Diversity, Equity & Inclusion report
- TSC meetings canceled for Dec 23 & 30th.
- PTL meetings canceled for Dec 27 & Jan 3
- LFN Developer and Testing Forum, Jan. 10-13, 2022 (4h topics + 30 mins break)/day, Virtual Event
- Open Networking & Edge Executive Forum (ONEEF)
- LFN Developer & Testing Forum, Week of June 13th 2022
  - Physical Event
  - Porto, Portugal
|
...