...
Jira No | Summary | Description | Status | Solution | ||||
---|---|---|---|---|---|---|---|---|
Oparent | -Only 2 PTLs responded to Amy’s e-mail -No objections on Oparent retirement, we have no volunteer to maintain it up to date -pom.xml contains more than cross project common package dependencies | Recommendation: -retain oparent/pom.xml -Make Andreas Geissler a committer and ask the integration or OOM team to update the file per release -Proposal:
-Byung will discuss with Andreas and OOM team and report at 8/22 SECCOM -Amy will contact Liam Fallon and Pam for history | ||||||
No PTL for AAI, DCAE, OOF | -Andreas Geissler and Thomas | Kulick Kulik made committers -They will do the work necessary for the projects to participate in the release Will AAI, DCAE, OOF have security vulnerabilities fixed? | -Byung will discuss with Andreas and Thomas to coordinate release tasks such as backlog prioritization -Muddasar: someone needs to take backlog management role -Muddasar: no mandated best practice to manage technical debt; call for a statement about code quality – all code will be secure -Muddasar & Amy: bring mandate for code quality to LFN TAC 2023/8/16 | |||||
ONAP Streamlining | -Role of SECCOM -Prioritization of vulnerability fixes -Prioritization of security enhancements -Proposal: ONAP projects work with latest version of common components such as Istio, KeyCloak, Kafka ONAP Streamlining - The Process (Link) Deck shared with TSC: ONAP - Streamlining the process Report-2023-8-3-v2.pptx (live.com) | |||||||
5 Years security questionnaire for Policy project | Tony to invite Policy represenatives to one of the next SECCOM meetings | Documenting APIs | Policy framework began the review of 5yr questionnaire and will complete the review at the 22 August meeting. | |||||
Java 17 vs. Java 21 | We propose ONAP project to upgrade to Java 17, packages as there might be some missing dependencies for Java 21, so projects might target it but juno from 11 directlly to 21 might be a significant effort. | LF IT CI/CD security review | 85-90% information received by Muddasar. Good security hardening is already in place. Muddasar shared presentation (below). | PTL meeting (August 7th) | ||||
TSC meeting (August | 3rd10rd) | -Presentation on disaggregation topics submitted by Byung, voting expected on August 10th. -ONAP migrating to GitHub -TSC meeting management migrating to LFX tools - access to meeting recordings will be through your individual dashboard | ||||||
NEXT SECCOM MEETING CALL WILL BE HELD ON | 15th 22nd of August 2023. |
Recordings:
2023-08-08_SECCOM_week23_08_15_audio1491690214.m4a
SECCOM presentation:
2023-08-08 15 ONAP Security Meeting - AgendaAndMinutes.pptx View file