...
| Jira No | Summary | Description | Status | Solution | ||
|---|---|---|---|---|---|---|
| Good news! | Byung as the new Architecture Subcommittee Chair - congratulations! | |||||
| CPS Road to gold | Idea of submitting presentation proposal for DTF virtual event on CPS road to gold with Tony’s contribution (few additional slides on why CPS could not get to gold and what are the missing pieces in the infrastructure). Main blocker: lack of second verification - 2FA is missing at the LF IT infra. First priority to get it supported for committers (MFA at the gerrit level), other group with lower priority are code submitters (MFA at the git level). | started | 2FA is missing at the LF IT infra – Amy to share with TAC. To be checked if gerrit supports MFA. Tony could present this issue to TSC (next week?) Pawel to share with Lee Anjella the proposal for a joint presentation. Tony prepared his part of the deck for a common presentation. | ongoing | Tony to send a copy to broader team and check with Lee Angella. | |
| Building a better 5G future... | Muddasar iswas presenting todayAccelerating 5G Innovation at the ONE conference in Vancouver - crossing fingers!. Recording shall be available in few weeks. Muddasar provided a quick summary. Maggie will be speaking to 5G superblueprint on network slicing and network configuration on Wednesday (11.00 AM EST). | |||||
LFX Security Dashboard | Amy had a meeting with Jess. -LFX is a security framework - open for different pipelines, no dictated tools, and absolutely no integration with LF purchased/licensed products: Nexus-iq or Sonarcloud. -ongoing VEX and SBOM under exchanges | ongoing | Value to ONAP projects could be increased by providing configuration templates for existing tools. | |||
| Latest weekly scans | Marek was able to initiate latest run of scans. Results are progressing, cassandra and zk-tunnel-svc to be further elaborated. Marek does not know which project is using zk-tunnel-svc - it is not in Jenkins ONAP-discuss question was raised but no feedback so far. | Pawel to check with Marek if he recalls zk-tunnel-svc is part of which project. | ||||
PTL meeting (May 8th) Liam confirmed interest in questionnaire review Discussion on Java 17 recommendation impact and dependency with other upgrades (Spring 6 and Springboot 3). Database, Java, Python, Docker, Kubernetes, and Image Versions15th) | PTL Agenda Topic: Confluence and JIRA alternatives – no issue anymore M4 status update RC for London June 1st. Montreal M1 planning (June 22nd) | Tony to be contacted by Policy team member for 5 Year security review. | ||||
TSC meeting (May 4th) Final list of unmaintained by Amy presented to TSC. If there is no PTL, tickets shall be assigned to Pawel as TSC Chair who could reassigned further11th) | Voting on modified ONAP mission statement and chapter modifications Preparation of the deck for Governance Board (presentation today!) 2FA issue raised – follow-up with Andreas and LF- IT today at 5 PM CEST. | |||||
| SECCOM Montreal requirements | Existing Global requirements -Epic REQ-437: COMPLETION OF PYTHON LANGUAGE UPDATE (v2.7 → v3.8)
-Epic REQ-438: COMPLETION OF JAVA LANGUAGE UPDATE (v8 → v11)
-Epic REQ-439: CONTINUATION OF PACKAGES UPGRADES IN DIRECT DEPENDENCIES
-Epic REQ-443: CONTINUATION OF CII BADGING SCORE IMPROVEMENTS FOR SILVER LEVEL
-Logging for Java
| Bob to share Jira as a reference. JIRA ticket for the security logging for Java containers. https://jira.onap.org/browse/REQ-1072 Integration in Subcommittees | ||||
| Requirements Subcommittee will be integrated under Architecture Subcommittee. | SECCOM MEETING CALL WILL BE HELD ON 23rd May 2023. | SBOM Types & Minimum Requirements for VEX Documents - we move it to the next week, Muddasar will prepare some info on SPDX 3.0 and different types of SBOMs. |
Recordings:
SECCOM presentation:
2023-05-18 ONAP Implementing 2FA.pptx