Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 8 Next »

Agenda

START RECORDING

Duration

Agenda Item

Requested byNotes / Links
1 hour

Cross-project discussions

Amy Zwarico

SECCOM proposed change to analyzing known vulnerabilities and updating vulnerable packages

  • Remove requirement to provide effective/ineffective analysis until there are tools to support the analysis
  • Projects update direct dependencies in their applications to most recent version of packages
    • Projects open Jiras to update packages in direct dependencies
    • No requirement to upgrade transitive dependent packages
  • oparent updated to most recent version of included packages (as of the time of the oparent release for the ONAP release)
  • PTLs provide feedback on proposal to SECCOM nlt Dec 4

LF IT Support


  • Repository Management FAQ
    • Send email to infrastructure-coordinator@onap.org
    • The Infrastructure coordinator is responsible for reviewing the request and either opening the ticket with LF-IT if everything is OK  --OR-- taking the issue back up with the PTL  --OR--  escalating it to the TSC only if something in the request is not OK and the PTL insists on moving forward anyway.
      • Concern about responsiveness.
        • Coordinator has been periodically unavailable -
        • Dave/Kenny to follow up with coordinator to ensure ongoing availability and understanding of role
      • Do we need a backup for the coordinator when unavailable (bus trips, vacation, etc.)
        • PTLs may make a request to the TSC to identify a backup
          • On the agenda for this week's TSC meeting
  •  Tickets
    • IT-17899- APPC code coverage down from 80% to 5%
    • IT-18325 - Create 3 new repositories to manage docker images
      • Waiting on Infra Coordinator
  • Migration Status / Upcoming Changes
  • Action:  PTLs review migration results and add comments on migration tracker
Testing Environment
  • Still removing images that are 20 ? days created vs updated. X.X.X-SNAPSHOT, can we please not remove these unless the update date > 20? days. What images should be retained? There is some inconsistency still.

Testing Improvement

  • New sonarcloud (possibly covered above by Jessica): Is there a way to login so a PTL can customize their view?
    • Jessica Gonzalez reports that we are losing some capability with the newer version.  However, it's necessary to update to maintain vendor support.

CSIT Review


  • Disabled jenkins jobs to be cleaned up this week
  • PTL will be included on gerrit review
  • contact Morgan Richommewith any concerns

ToolChain Improvement



Other Improvement suggestion



Subcommittee Updates for PTLs


Cassandra 3 upgrade for the common cluster in OOM Ofir Sonsino

  • Ofir and Jimmy to discuss and come back to PTL meeting with recommendation

No update, will report next week

TSC UpdateProject Life-cycle Review

Preparation of the material to review Project life cycle as part of Frankfurt M2 Milestone.

https://jira.onap.org/browse/TSC-107

Sharing Best Practices


IF TIME ALLOWS ....
15 minsRelease status

M1 wrapup David McBride

Lab changes and impact on Frankfurt Schedule Brian Freeman

M2/M3 JIRA issues generated Nov 21 David McBride

Marco Platania reports that we have a release blocking issue at Wind River labs

5 minsUpcoming Events
10 minsRemaining Action ItemsPTL Weekly ONAP12, Mon UTC 13:00

Zoom Chat Log 

06:15:56 From cl664y : I have probably sent to onap-release only when the message is for PTLs
06:17:00 From Amy Zwarico : Amy Zwarico sent email to onap-release on Monday, 25 November, titled "NexusIQ Vulnerability Management for Frankfurt"
06:43:30 From Krzysztof Opasiak : The ticket id is IT-18372
06:54:10 From Pamela Dragosh : I have 2 more questions to add. 1) for removal of password from OOM charts, where are the JIRa’s for this? 2) seems the documentation project merge job is not producing any changes into the readthedocs
07:12:31 From Tony Hansen : http://tlhansen.us/onap/cii.html
07:12:46 From Tony Hansen : https://wiki.onap.org/display/DW/CII+Badging+Program
07:28:38 From morgan : need to drop. From an integration perspective, we have critical issues with the windriver lab (no access to some VMs, none of the lab answering properly) Jira is tracking the progress.

Action Items 

  • Jessica Gonzalezinvestigate whether it is possible to ignore a Sonar reported vulnerability through code annotation or other means
  • Kenny Paul alert DDF programming committee regarding TSC-107 and related proposal.  How will this be done? What is the time requirement?
  • No labels