Versions Compared

Version Old Version 2 New Version Current
Changes made by

Paweł Pawlak

Paweł Pawlak

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Jira No
SummaryDescriptionStatusSolutionTSC electionsupcoming TSC Chair/Vice Chair elections - no candidates so far.

Unmaintained meeting update

-Connecting images to repos is nested within the JJBs

-Options: (1) use tagging to connect images to repos, (2) POM files have container names, (3) multi-image repos have info in JJB, (4) use logs of jenkins build jobs

-Repo Tagging: https://help.sonatype.com/repomanager3/nexus-repository-administration/tagging

Jessica will attend the 31 October Unmaintained Repo meeting

ongoing

Tony Hansen proposed an automated solution using POM and JJBs to associated images to repos

SBOM updatePTLs or LF IT to be responsible for configuration change (JJB template). If no PTL, the change shall be on LF IT.

Where SBOMs are not produced, troubleshooting needs to be done by LF IT and SECCOM.

Jiras per projects to be issued by Muddasar. IF PTL exists, it would be assigned to him/her, otherwise to LF IT (Jess?).

Logging requirement - Bob and Byung

-Python PoC, PTL to be targeted, internal resource available, library to be prepared

-Update on presentation to PTLs

-Recommendation from Vijay – work with Integration team

-GR for Java – pushback from PTLs

-Decision: proceed with java GR for London

Agreement for PoC to be achieved with Vijay.

Security asessment questionnaire – ongoing Tony with Vijay

-DCAE - ONAP Security Review Questionnaire Template

-SECCOM next steps: define a scoring methodology

Add to Nov 1 SECCOM agenda as first item: discuss scoring methodology

LFN Developer & Testing Forum NA

  • Registration Open
  • Nov. 17 & 18 2022 Seattle, WA, USA, In Person
  • Proposed submissions
    • [Plenary/ONAP] Productization of Assured Opensource Software
    • [Day 1 – Plenary] SBOM implementation and challenges in ONAP
    • [Day 2 – ONAP] London security requirements, ONAP architecture update, ONAP ServiceMesh
Daylight saving time To be further elaborated. In US in the week of November 4th, last weekend of October for Europe/PolandSecurity Call Data Record (SCDR) presentation by David

Secure slicing capability in 5G is seemed almost equivalent VLAN capability. 

https://wiki.lfnetworking.org/pages/viewpage.action?pageId=74647627

Byung presented yesterday, one of the things was Intent Based Networking, Maggie will present as well around this topics (metrics).




Logging Global Requirement

Choice of application logging standardout and standarderr - security challenged. Problem statement: Fluentbit can not access logs in other pod. Changing base image with modifying permissions for standardout and standarderr. Potential compliance issue to be studied.

Long term solution would deal with security mesh (ISTIO based).

Log format - not specified in GR. Java POC for CPS is in JSON, but at this stage it might be an impact.


Bob to come back to Vijay with Berth in copy.

Unmaintained meetingNew time line - after PTLs call - to be confirmed with David.


SBOM crossprojectMuddasar is working with LF support. Changing version of output file was causing problems.


London SECCOM requirementsApproved by TSC.


TSC meeting on November 3rd

Kohn Release notes

Ongoing TSC Chair/Vice Chair elections

LFN Governance Board ONAP status update – slide deck preparation

ONAP transformation - presentation by Magnus

ONAP cross-community topic for LFN DDF - SBOM https://wiki.lfnetworking.org/pages/viewpage.action?pageId=80281797, TSC are in agreement on the topic for first day of D&TF




Architecture subcommittee

Checking what could be the input to Magnus' Mainstream (to be presented at the DTF).

Presentation about security by Andrew with Byung assistance.




Operational Security Assurance for Open Source 5G Mobile NetworksWill be presented by Maggie at the DTF.


SECCOM MEETING CALL WILL BE HELD ON 22nd or 29th OF November'22. 







Recordings: 

...