...
Jira No | Summary | Description | Status | Solution | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Java and the new model of licensing for Oracle JDK versus Open JDK – Natacha | Oracle JDK which is commercial - benefits updates Open JDK - like open source so free of charge but support for java 11 but not earlier versions. | Presentation was submitted to recent TSC meeting to ensure the common understanding of the risk. | TSC wants to know which distribution of the OpenJDK is used – Integration team/OOM to be contacted - discussion planned for next status meeting on Wednesday. SECCOM cares Java 11 and not particular distribution - we appreciate common image from governance perspectiveand harmonization - coordination on release manager side. Next steps: E-mail to be sent to Morgan with Pawel B. in copy to confirm if image is already created. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Secrets management | Agreement achieved last week (Krzysztof and Samuli) | Written description is needed on the Wiki. | Once we have a written recommendation, it would be reviewed at the next SECCOM meeting and further presented at the TSC for an prroval - once gained it would become best practice. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Script for automatic jira ticket generation of direct dependencies to be upgraded was successfully tested with CLAMP by Julien and Pierre. | 2 scripts were created in Python
| Scripts were reviewed as well as CLAMP. No specific feedback from SECCOM received from demo till today. | Nexts steps:
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
New xtesting security docker has been integrated end of last week. | Meeting on Wednesday with OOM and Integration. | Update next week. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Frankfurt M2/M3 scorecard SECCOM requirements update | Items reviewed:
| Oracle JDK which is commercial - benefits updates Open JDK - like open source so free of charge but support for java 11 but not earlier versions. | JRE (compilation not possible) vs JDK (compilation possible). Packaging change for java 11. | Presentation to be submitted to next TSC meeting to ensure the common understanding of the risk. Java 8 JRE is bundled with the Java 8 JDK. | 2 ways to deploy ONAP:
| For container we should be able to provide plain text passwords | ONAP out of the box is using password generator of certain type - to be documented for ONAP.
| PTLs cal |
|
| Template to be created. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
OUR NEXT SECCOM MEETING CALL WILL BE HELD ON 11TH OF FEBRUARY'20 |
...