This centralized page, for all Jakarta projects, is aimed at identifying the risks as they are foreseen within the release life cycle.
A Risk that materialized becomes an Issue.
Status:
- Identified: a risk that has been identified, but has not yet been analyzed / assessed yet
- Assessed: an identified risk which currently has no risk response plan
- Planned: an identified risk with a risk response plan
- In-Process: a risk where the risk response is being executed
- Closed: a risk that occurred and is transferred to an issue or the risk was solved/avoided
- Not occurred: a risk that was identified but that did not occur
- Rejected: created and kept for tracking purposes but considered not to be used yet
| Risk ID | Project Team or person identifying the risk | Identification Date | Risk (Description and potential impact) | Team or component impacted by the risk | Mitigation Plan (Action to prevent the risk to materialize) | Contingency Plan - Response Plan (Action in case of the risk materialized) | Probability of occurrence (probability of the risk materialized) High/Medium/Low | Impact High/Medium/Low | Status | Notes | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 11 | OOFDCAE | 08 | Problem with removing GPLv3 components from OSDF docker image | OSDF | Possible ways of solving the problem are documented here. OSDF Image optimization | Raise an exception for this release and continue to work on it | Medium | Medium | Identified | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| 2 | Policy |
| Problems resulting from upgrade of jetty-server | Policy, oparent | Request update to oparent sooner rather than later so that impact may be assessed | Raise an exception for this release and continue to work on it | Low | High | Not occurred (based on discussion with James Hahnin PTL meeting Aug 23) | Reviewed Aug 23 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| 3 | Policy |
| Problems resulting from upgrade of CDS jars | Policy, CDS | Be proactive with CDS team | Medium | Low | Closed (based on discussion with James Hahnin PTL meeting Aug 23) | Reviewed Aug 23 | 4 | Policy |
| TSOCA Control Loops are dependent on migration of DCAE kubernetes | Policy, DCAE | Be proactive with DCAE team | Medium | Medium | In process (based on discussion with Liam Fallon in PTL meeting Aug 23) | Reviewed Aug2 3 | 5 | AAI | REQ-438 - COMPLETION OF JAVA LANGUAGE UPDATE (v8 → v11) dcaemod-designtool & dcaemod-nifi-registry has dependency on upstream (NiFI) project which is currently on java8 | DCAE | Continue version | Extend the Waiver/Exception filed for H release | High | Low | Assessed (Discuss with SEECOM on current waiver extension) | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| 2 | AAI |
| Lack of resources to deliver security Jakarta high bugs/issues
AAI-3194, AAI-3292 | AAI | & global requirements | AAI | Make best efforts to resolve the security findingsglobal requirements and high issues | Raise an exception for this release and continue to work on it | Medium | Low | TBD - William Reehilplanning to file waiver. Discuss with Catherine what the appropriate status should be. | Reviewed Aug 23 | 6 | AAI | make best efforts to resolve | High | Low | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| 3 | AAI |
| Janusgraph does not support Java 11
| AAI | Not much we can do repos affected: aai-common, aai-graphadmin, aai-resources, aai-traversal | Raise an exception for this release and hope janusgraph supports java 11 in the coming release | High | Low | TBD - William Reehilwaiver filed. Discuss with Catherine what the appropriate status should be. | Reviewed Aug 23 | 7 | DMaaP Message Router |
|
Confluent base images used by Message Router kafka/zookeeper are built using Java 8. Move to a newer version is a risk based on resources/time constraints. | DMaaP | Source some more resources for the project to address this issue. | Obtain a waiver for the problem packages | High | Low | Identified | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| 9 | CCSDK |
| Most recent AAF shiro plugin version appears to still be compiled for Java 8, which causes problems when installed in Karaf under Java 11. | AAF | AAF plugin is not installed until this is resolved - installing it breaks the container. | Will continue to use built-in ODL credentials instead of using AAF to authenticate | High | Low | Assessed (based on discussion with Dan Timoneyin PTL meeting Aug 23) | Reviewed Aug 23 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| 10 | DCAE |
| DCAE | Continue H version | Waiver/Exception to be filed with SECCOM | High | Low | Identified | 11 | DCAE |
| Scope of DCAE Transformation (REQ-685) being large and dependency on multiple projects (DCAE, OOM, Integration, CLAMP) - there is risk in completing the planned scope in entierity for this release | DCAE, Integration, OOM, CLAMP | Periodic assessment with all impacted project; adjust target scope if required. | Defer subset of features to J release | Medium | Medium | Identified | 12 | UUI |
|
Update the vulnerable direct dependencies in code base but the result is unknown, and we don't have the lab environment to verify it now | UUI | Delay it until our lab environment is ready | High | Low | Identified | 13 | UUI |
|
Not enough human resource to do this modification | UUI | Continue working on it until next release | High | Low | Identified | 14 | SDC |
| Not able to fix all the identified security issues required by the global requirement
| SDC | Source resources to take a look and responsibility to fix the issues as soon as possible. Items will be tracked twice a week.4 | INTEGRATION |
| Lack of lab resources to run daily/weekly tests Tests are running on the Nokia, Orange and DT labs. If there are some issues or companies plans to withdraw the project we could be out of tests results. Will be best to have lab resources on community labs to run tests on them (independent) | INTEGRATION | Find a lab to run tests on them | Use one of the gating labs or the integration lab to run tests. Queue of the gating tests will be longer and/or the integration lab won't be available | Medium | High | ||||||||||||||||||||||||||||||||||||||||||
| 5 | OOM |
| Lack of resources on OOM | OOM | have more committers | High | High | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| 6 | MULTICLOUD |
| Lack of resource on Multicloud | MULTICLOUD | Make best efforts to resolve the global requirements and high issues | Raise an exception for this release and continue to work on itLowmake best efforts to resolve | High | Low | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Not occurred7 | 15 | SDC |
| Not able to update all the required vulnerabilities, as per general requirement
| SDC | Continuously monitor the vulnerabilities reported | SO |
| Lack of resources to deliver Jakarta high bugs | SO | Make best efforts to resolve | Raise an exception for this release and continue to work on it | Low | Low | Not occurred | 16 | SDC |
| Code coverage fail to meet the required goal. Currently we are very close to the requirement of at least 55% of line coverage. | SDC | Track code coverage closely and try to identify the changes that introduced drops and improve them. | Raise an exception for this release and continue to work on it | Low | Low | Not occurred | 17 | SDC |
| Not able to fix
| SDC | Try to find resources in the community to work on the issue. The issue will be tracked twice a week during the release. | Raise an exception for this release and continue to work on it | High | Low | Identifiedmake best efforts to resolve | High | Low | Assessed and worked upon on priority, remaining items are moved to the next release |
