2020-02-04 Security Subcommittee Meeting Notes
Please find below the Minutes of Meetings and recording for the SECCOM meeting that was held on 4th of February 2020.
Jira No | Summary | Description | Status | Solution |
---|---|---|---|---|
| Java and the new model of licensing for Oracle JDK versus Open JDK – Natacha | Oracle JDK is commercial, with the benefit of updates. OpenJDK is like open source, so free of charge, but with support for Java 11 and not earlier versions. | Presentation was submitted to recent TSC meeting to ensure the common understanding of the risk. | TSC wants to know which distribution of the OpenJDK is used – Integration team/OOM to be contacted - discussion planned for next status meeting on Wednesday. SECCOM cares about Java 11 and not a particular distribution - we appreciate a common image from a governance perspective and harmonization - coordination on release manager side. Next steps: E-mail to be sent to Morgan with Pawel B. in copy to confirm if image is already created. |
| Secrets management | Agreement achieved last week (Krzysztof and Samuli) | Written description is needed on the Wiki. | Once we have a written recommendation, it would be reviewed at the next SECCOM meeting and further presented at the TSC for approval - once gained it would become best practice. |
| Script for automatic Jira ticket generation of direct dependencies to be upgraded was successfully tested with CLAMP by Julien and Pierre. | 2 scripts were created in Python | Scripts were reviewed as well as CLAMP. No specific feedback from SECCOM received from demo till today. | Next steps: |
| New xtesting security docker has been integrated at the end of last week. |
| Meeting on Wednesday with OOM and Integration. | Update next week. |
| Frankfurt M2/M3 scorecard SECCOM requirements update | Items reviewed: |
YELLOW RED YELLOW RED Default Default Default Default GREEN RED Default RED
| OJSI status update - projects to be re-asked - if no feedback - slot to be assigned on the next PTL call. CII Badging - Jira tickets to be issued with script usage. Some answers from hardening questions. |
| ONES NA CFP | SECCOM presentations submitted:
| To be further discussed: the scope of SECCOM F2F in LA: ONAP security requirements and alignment with VNF security requirements; VNF security requirements; CMPv2 update; Building containers in a unified way for ONAP |
| OUR NEXT SECCOM MEETING CALL WILL BE HELD ON 11TH OF FEBRUARY'20 |