2020-06-30 Security Subcommittee Meeting Notes
Please find below the Minutes of Meetings and recording for the SECCOM meeting that was held on 30th of June 2020.
Jira No | Summary | Description | Status | Solution |
---|---|---|---|---|
| Support for projects with python upgrades - Michal | Michal is supporting SDC and DCAE projects. For the DCAE support is tracked under DCAEGEN2-2292: REQ-373 ONAP must complete update of the Python language (from 2.7 -> 3.8)Closed: -An unofficial library usage is not a preferred solution as it later requires a maintenance. We recommend to wait until July, when open source Cloudify version is available - if only you would be enough time to perform all required activities within August time frame – to be confirmed with Michal. -For the PyPy Python Interpreter in 3.6 SECCOM is fine with that in Guilin release - in H release upgrade to version 3.8 could be planned (we don't expect significant effort with that – to be confirmed with Michal. | ongoing | To provide SECCOM feedback under Jira item - done. |
| LFN Developer and Testing Forum: June 22nd-25th | Virtual Event. - summary: Several security oriented presentations provided by Amy and Krzysztof: -Service Mesh PoC status update - Krzysztof -License and security – docker base images - Krzysztof -OOM status update and logs management with Kubernetes – Krzysztof/Sylvain -SECCOM non functional requirements - Amy -Packages upgrades - Amy | Done |
|
| Images updates | Alpine vs. Ubuntu vs. Debian vs. CentOS – PTLs call summary: Alpine has GPLv3 licensing so as huge part of Linux commands (90%). CCSDK need Alpine. Policy is using Debian. Bash and GPLv3 discussion. But we will not do any changes to Bash. Kernel is covered by GPLv2. GPLv3 is copyleft when you redistribute the images. Each operator could check internally if GPLv3 is problematic. |
| Krzysztof is working on providding full list of licenses used in Alpine. |
| Upgrading packages | Policy team completed their upgrades! - congratulations! |
|
|
| Guilin release scheduling | M1: 9th of July, M2/M3: August 6th, M4: September 10th, RC0: October 1st, RC1: October 15th, RC2: October 29th, Release signoff: November 5th. |
|
|
| OUR NEXT SECCOM MEETING CALL WILL BE HELD ON 4th OF JULY'20. | Topics proposed:
|
|
|