SECCOM proposed change to analyzing known vulnerabilities and updating vulnerable packages

• Remove requirement to provide effective/ineffective analysis until there are tools to support the analysis
• Projects update direct dependencies in their applications to most recent version of packages
  • Projects open Jiras to update packages in direct dependencies
  • No requirement to upgrade transitive dependent packages
• oparent updated to most recent version of included packages (as of the time of the oparent release for the ONAP release)
• PTLs provide feedback on proposal to SECCOM nlt Dec 4

• Repository Management FAQ
  • Send email to infrastructure-coordinator@onap.org
  • The Infrastructure coordinator is responsible for reviewing the request and either opening the ticket with LF-IT if everything is OK  --OR-- taking the issue back up with the PTL  --OR--  escalating it to the TSC only if something in the request is not OK and the PTL insists on moving forward anyway.
    • Concern about responsiveness.
      • Coordinator has been periodically unavailable -
      • Dave/Kenny to follow up with coordinator to ensure ongoing availability and understanding of role
    • Do we need a backup for the coordinator when unavailable (bus trips, vacation, etc.)
      • PTLs may make a request to the TSC to identify a backup
        • On the agenda for this week's TSC meeting
•  Tickets
  • IT-17899- APPC code coverage down from 80% to 5%
  • IT-18325 - Create 3 new repositories to manage docker images
    • Waiting on Infra Coordinator
• Migration Status / Upcoming Changes
  • Jessica Gonzalez has created a SonarCloud migration tracker
• Action:  PTLs review migration results and add comments on migration tracker

Pamela Dragosh

Pamela Dragosh

• New sonarcloud (possibly covered above by Jessica): Is there a way to login so a PTL can customize their view?
  • Jessica Gonzalez reports that we are losing some capability with the newer version.  However, it's necessary to update to maintain vendor support.

• Disabled jenkins jobs to be cleaned up this week
• PTL will be included on gerrit review
• contact Morgan Richommewith any concerns

Cassandra 3 upgrade for the common cluster in OOM Ofir Sonsino

• Ofir and Jimmy to discuss and come back to PTL meeting with recommendation
  • Ofir Sonsino  to update PTL on Dec 2 or Dec 9

No update, will report next week

CII Badging Tony Hansen

El-Alto Retrospective David McBride

• Decide on date

JIRA Hygiene David McBride

• Walk of shame

David McBride

Paweł Pawlak djhunt

Alla.Goldner

Stephen terrill

Hui Deng  Andy Mayer

Pamela Dragosh

M1 wrapup David McBride

• Frankfurt Milestone Status
• TSC approved M1 requirements

Lab changes and impact on Frankfurt Schedule Brian Freeman

M2/M3 JIRA issues generated Nov 21 David McBride

• #1501  

Marco Platania reports that we have a release blocking issue at Wind River labs

Kenny Paul

Former user (Deleted)