zoom bridge: https://zoom.us/j/283628617
Duration 60 minutes
Duration | Agenda Item | Requested by | Notes / Links | |||
---|---|---|---|---|---|---|
START RECORDING | ||||||
30min | Dublin end game plans RC2 - May 30th (Euro holiday) Sign-off - June 6th | RC1 Follow-up: Deliverables for RCx Milestone Checklist Template !!! PTLs to provide latest RELEASE Images ASAP, especially if you made changes post-RC0 !!!
Please provide your RC2 checklist no later than May 29th 11am PST- thank you | 15 mins | Alpine upstream packaging changed - breaking the ONAP build - CIA team to review and recommend long term strategy | Adolfo Perez-Duran||
10min | CII badging and vulnerability disclosure | Call to action: Update you CII badging info Pawel created a ticket to improve readthedoc, working with Sofia accordingly (SECCOM): provide template for PTLs to report their security/vulnerability issues including rules for exposing ports outside the cluster #2 CII badging - e-mail sent to PTLs & Security #2.1 SO is ok to be reviewed by Security #2.2. another few projects still need to complete their items | ||||
10 min | El Alto security priorities | Paweł Pawlak | Key components versioning, recommendations after known vulnerabilities analysis, follow-up with fixes related to OJSI tickets, ONAP communication matrix #3.1 Work in progress. Natacha is working on a proposition to be presented during ONAP DDF in Sweden Additional recommendations from Security about K8S, Tomcat, Alpine, etc. should be defined for the incoming releases so each project will have a common OS, common open source strategy #3.2 OSJI tickets - interaction with PTLs is required - Please have a look at them asap Holmes, Logging, Portal, UUI, VFC, VNFSDK - vulnerability table OOM - CII Badging - now updated #3.3 Other item: Early disclosure to Operators has been approved by TSC. In the future, audience could be reviewed - SECCOM to assess Any TUESDAY, feel free to join SECCOM if you have any suggestion |
Zoom Chat Log
Anchor | ||||
---|---|---|---|---|
|
From Me to Everyone: 03:05 PM
#Dublin Release
From Me to Everyone: 03:20 PM
#info review remaining Highest/high
From Me to Everyone: 03:53 PM
#Review your documentation tickets but please do not close your tickets without any comment or without making any change otherwise we will re-open the tickets :-(
#Integration status - feedback from Tao received
# Please review Dublin messaging when you have few mins
#CIA- presentation to postpone to June 3rd
#info Security topics
#1 Pawel created a ticket to improve readthedoc, working with Sofia accordingly
#2 CII badging - e-mail sent to PTLs & Security
#2.1 SO is ok to be reviewed by Security
#2.2. another few projects still need to complete their items
#3 key component versioning
#3.1 Work in progress. Natacha is working on a proposition to be presented during ONAP DDF in Sweden
Additional recommendations from Security about K8S, Tomcat, Alpine, etc. should be defined for the incoming releases so each project will have a common OS, common open source strategy
#3.2 OSJI tickets - interaction with PTLs
#3.3 Other item:
Early disclosure to Operators has been approved by TSC. In the future, audience could be reviewed - SECCOM to assess
Any Wednesday, feel free to join SECCOM if you have any suggestion
From Amy Zwarico to Everyone: 03:57 PM
Projects that have not completed vulnerability review tables:
Holmes, Logging, Portal, SO, UUI, VFC, VNFSDK
From Me to Everyone: 04:01 PM
PTLs to provide RELEASE Images ASAP
If you have the ONAP Helpdesk ticket then please share so we can bring them on top of the list
From Mike Elliott to Everyone: 04:03 PM
@Pawel, CII badging updated for OOM
Action Items
<2-15-2019> Preparing a preso for review of all known infrastructure change requests for review at PTL meeting 2-25-2019
<2019-04-08: global-jjb progress report: start on DCAE soon - focus on El Alto delivery (precursor to Dockerhub)<2019-04-22 - Using mvn staging plugins to deploy - unfort many of the changes need to be in the source code to insure the job is running><2019-05-27> global-jjb still in progress 2/11: Migrate Docker image releases from Nexus3 into Docker Hub (Architecture Independence) by Dublin M4. - Rich Bennett
Request from Rich Bennett about Storage/Persistent Data Architecture Plan/PTLs - Single NFS server?
<2019-04-22: performance issues with old config - have bare metal cluster - - want to bring in more realistic operational aspects to the testing - network storage vs direct, would like to place modules in isolation into the environment. Evaluating the utility of testing this way. Tlab persistent storage IO architecture