Please find below the Minutes of Meetings and recording for the SECCOM meeting that was held on 31st of October 2023.
Jira No | Summary | Description | Status | Solution | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
LFN AI/ML use cases | Muddasar Ahmed presented the draft deck about LFN AI/ML use cases. Maggie shared link: https://www.nist.gov/itl/ai-risk-management-framework We need to have Ops feedback (NOC manager) on AI, what pain point could be solved by AI. | |||||||||||||||
Nephio security working group | Byung-Woo Jun informed SECCOM that the Nephio security WG is holding a joint meeting with the LF security SIG today at 11AM ET. Nephio plans to adopt 80% of OSSF passing badge. Topic further discussed: It was noted that the passing badge should be straight-forward to achieve. The web page tlhansen.us/badging was discussed. Click on “Single Project…” then fill in a search string or badging ID (e.g. "nephio" or "7665"). For Nephio, Tony recommends to sort by “Type+Section” Nephio SIG Security meeting: By: Lucy Hyde When: Tuesday, October 31st, 2023 8:00am to 9:00am (UTC-07:00) Pacific Time - Los Angeles Repeats: Weekly on Tuesday Location: https://zoom.us/j/96025994457 | |||||||||||||||
Support for CPS to get gold badge | OJSI distribution list participants were updated with Amy's and Jess's support. 2FA ongoing by Jess and Eric for CPS and OJSI distribution list. | Per Jessica Wagantall: LFIT will bring the request for 2FA for all users across all ONAP Jiras to the TSC (26th Oct) for approval. | LFIT will implement 2FA for users across all ONAP Jiras. | |||||||||||||
Modeling component move to unmaintained | Modeling team did not follow the unmaintained project process. Build failing for components reliant on the "etsi" components. modeling/etsicatalog repo deprecation
Actions:
| Kenny Paul following up to fix the build break. | ||||||||||||||
AAF Certificate Expiration |
Review work around proposed by Andreas Geißler - deferred until Andreas Geißler returns from holiday Some project containers still experiencing problems: clients using the cert-initializer (e.g. SO, SDC, CDS) still fail. Need to document certificate management in user docs. Louis Gamers' AAF cert wiki page: (1) Create AAF CA certificates - Developer Wiki - Confluence (onap.org)
Discussion with China Telecom done - they could check potentially next week and they worked independently on this issue, Aaarna Networks commited to check Andreas's patch. | Paweł Pawlak to send an e-mail notification to China Telecom about the script prepared by Andreas and associated Wiki documenting it. | ||||||||||||||
Container Signing | Review next steps: -select signing software (SECCOM + LFIT) -perform POC with friendly projects (ONAP) -integrate into build process (LFIT) Looking for a volunteering project to work with us. raised at the 18th September PTL's call but no volunteer so far. LF IT would have to prioritized topic. Prioritization is possible with LFN, Muddasar to update ticket. | Muddasar Ahmed to analyze which ONAP project has the most frequent changes in its containers. Muddasar reached out to LF-IT, Jess and her team are analyzing what enhancement has to be made with CI jobs to allow for Container signing. Further updates will be provided when scope and efforts have been assessed. https://jira.linuxfoundation.org/plugins/servlet/desk/portal/2/IT-26130 | ||||||||||||||
No PTL for AAI, DCAE, OOF | -Andreas Geissler and Thomas Kulik made committers -They will do the work necessary for the projects to participate in the release -TSC approved streamlining process (7 September) -SECCOM will create package upgrade recommendations -TSC will recruit resources to perform upgrades for AAI, DCAE, OOF
Kenny's reply is that we could benefit from Mentorship program. We have to define job description and skills needed. | -Byung will discuss with Andreas and Thomas to coordinate release tasks such as backlog prioritization -Muddasar: someone needs to take backlog management role -Muddasar: no mandated best practice to manage technical debt; call for a statement about code quality – all code will be secure -Muddasar & Amy: bring mandate for code quality to LFN TAC 2023/8/16
| ||||||||||||||
SSO use case | Topic related to CI/CD, do we have 2FA for code submitter and committer. | |||||||||||||||
TSC meeting (October 26th) | Voting on ETSIcatalog | |||||||||||||||
PTL meeting (October 23rd) | ||||||||||||||||
LFN-TAC (October 11th) | No update | |||||||||||||||
NEXT SECCOM MEETING CALL WILL BE HELD ON 7th of November 2023. |
...