PTL 2018-09-17

Duration 60 minutes

Duration

Agenda Item

Requested by

Notes / Links

START RECORDING

 

Sonatype Nexus CLM update

@Gildas Lanilis Gmail

Agreement

 After further discussion during the PTL meeting, and in order to give developers a better tracking mechanism, it was decided to proceed with a two-step approach (documented in slides #8):
  1. PTLs have a private working wiki page that contains all the info (CVE, artifacts, version, modules). The private wiki page is located under the Security space at Security Vulnerabilities Home and is accessible to PTLs, SECCOM and committers. The page is optional; it is for the team to decide. Link: Former template

  2. Team (Amy, Steve, Pavel) to review and curate (create a new public page) for PUBLIC publishing.

Action items

@Gildas Lanilis Gmail Follow up with Seshu to discuss vulnerabilities impacting multiple projects.

 


Zoom Chat Log 

06:10:45 From Kenny Paul (Linux Foundation) : https://lf-onap.atlassian.net/wiki/display/SV/Security+Vulnerabilities+Home
06:14:26 From Catherine Lefevre : Thank you Kenny !
06:19:14 From Michael O'Brien(Amdocs,LOG) : Question on visibility and priority: If a CVE affects an internal port - usually DB for example - it would be lower than a CVE on a REST endpoint exposed by a NodePort/LB - The larger question: are we expecting hackers inside the network - or should we concentrate on directly exposed ports first?
06:23:03 From Jimmy Forsyth : If we share the Nexus reports on a community zoom bridge, can we then post the recording of that zoom session on the wiki?
06:23:31 From Kenny Paul (Linux Foundation) : technically, no
06:23:53 From Jimmy Forsyth : +1 Dan
06:24:18 From Kenny Paul (Linux Foundation) : I need to drop for the modeling meeting.
06:25:46 From Amy Zwarico : https://cve.mitre.org/cve/
06:26:05 From Amy Zwarico : https://nvd.nist.gov/vuln/search
06:31:27 From Michael Lando (SDC) : +1 for having the security wiki and all update there.
06:31:37 From Michael O'Brien(Amdocs,LOG) : +1 sounds good
06:32:51 From Shankar Narayanan : +1
06:37:05 From Sai Seshu : +1
06:43:32 From Chris Donley : There is no non-vulnerable version of Jackson, but there are secure ways to use it. That's what we need to be aware of.
06:58:24 From Gildas Lanilis : https://lf-onap.atlassian.net/wiki/display/DW/Vulnerability+Threat+Template