We will start our meetings by mentioning the project's Antitrust Policy, which you can find linked from the LF and project websites. The policy is important where multiple companies, including potential industry competitors, are participating in meetings. Please review and if you have any questions, please contact your company legal counsel. Members of the LF may contact Andrew Updegrove at the firm Gesmer Updegrove LLP, which provides legal counsel to the LF.
Agenda
START RECORDING
Agenda Item | Requested by | Notes / Links |
---|
Cross-project discussions | | Code scans now conducted by a third party, Source Auditor (Jeff Shapiro) |
Subcommittee Updates for PTLs | | Log4j upgrade vulnerability recommendation. View file |
---|
name | 2021-12-16 ONAP Security Subcommittee recommendation log4j issue v3.pptx |
---|
height | 150 |
---|
|
CentOS version used by ONAP community. - David McBride file ticket with LFIT to determine whether Nexus IQ scans are only looking for the string 'log4j". Could we be missing instances of log4j where this string is not included in the file header?
Filed ticket IT-23420 What about VID (unmaintained)? Any dependencies? Currently failing build. |
IF TIME ALLOWS .... |
Release status | | Istanbul Maintenance Release (highest priority) - The TSC agreed on Dec 16 that mediation of the log4j CVE is the highest priority for ONAP
- This will include an Istanbul Maintenance release as soon as possible
- Due to the urgency of the log4j issue, PTLs should avoid including any additional changes that might delay completion of the maintenance release
- The release name, 'Istanbul Maintenance Release 1' has been created in Jira. Please assign this release name to the "Fix Version" field for issues for the maintenance release.
Jakarta release - No changes to the Jakarta schedule due to the log4j issue for now. We will monitor progress and re-evaluate as we get closer to M2 in January.
- M2 scheduled for Jan 27
- M2 issues were published Jan 10
- M2 includes a new task for PTL's to color code the Impact View per Component page
- Arch review task expanded to include discussion of inter-project dependencies
|
Upcoming Events | | - LF's Diversity, Equity & Inclusion report
- Holiday Schedule:
- TSC meetings canceled for Dec 23 & 30th.
- PTL meetings canceled for Dec 27 & Jan 3
- LFN Developer and Testing Forum, Jan. 10-13, 2022 (4h topics + 30 mins break)/day , Virtual Event
- Open Networking & Edge Executive Forum (ONEEF)
- LFN Developer & Testing Forum, Week of June 13th 2022
- Physical Event
- Porto, Portugal
|
Remaining Action Items | |
|
...