PTL 2021-12-13

We will start our meetings by mentioning the project's Antitrust Policy, which you can find linked from the LF and project websites. The policy is important where multiple companies, including potential industry competitors, are participating in meetings. Please review and if you have any questions, please contact your company legal counsel. Members of the LF may contact Andrew Updegrove at the firm Gesmer Updegrove LLP, which provides legal counsel to the LF.

Agenda

START RECORDING

Duration

Agenda Item

Requested by

Notes / Links
1 hour

Cross-project discussions


  • TSC approved archiving the dmaap/mirroragent repo (IT-23342)
  • Steve Stark VVP stepping down. No nominations
  • Trevor Lovett VNFRQTs stepping down. No nominations.
    • Where do we move 3GPP VES specification ownership?
  • Next Unmaintained projects meeting is today at 8 a.m. Pacific. 
    • Let David McBride know if you would like to be added to the invitation

LF IT Support



Testing Environment

UNH Lab

  • Intel-donated hardware is scheduled to be shipped on Dec 17
  • Will be set up shortly after 1st of year with the help of Wind River
  • Migration of resources to begin immediately following.

Testing Improvement



CSIT Review



ToolChain Improvement



Documentation

Other Improvement suggestion



Subcommittee Updates for PTLs

Paweł Pawlak

Amy Zwarico 

Discussed at the TSC meeting: tracking of dependencies on other ONAP components will now be part of the Architecture reviews, to ensure that we (ONAP) are not dropping the ball on unmaintained components.

SECCOM update: 

  • New critical issue CVE-2021-44228
    • will be discussed at the SECCOM meeting tomorrow

Global Requirements:

  • [REQ-437 -> REQ-800] -> REQ-1067 COMPLETION OF PYTHON LANGUAGE UPDATE (v2.7 → v3.8)
  • [REQ-438 -> REQ-801] -> REQ-1068 COMPLETION OF JAVA LANGUAGE UPDATE (v8 → v11)
  • [REQ-439 -> REQ-863] -> REQ-1066 CONTINUATION OF PACKAGES UPGRADES IN DIRECT DEPENDENCIES
  • [REQ-443] -> REQ-1069 CONTINUATION OF CII BADGING SCORE IMPROVEMENTS FOR SILVER LEVEL
  • [REQ-441] -> REQ-1070 LOGS MANAGEMENT - PHASE 1: COMMON PLACE FOR DATA

Best Practices:

Sharing Best Practices



IF TIME ALLOWS ....
15 mins

Release status


  • TSC approved Jakarta M1 on Dec 9
  • M2 scheduled for Jan 27
  • M2 issues have been published
    • Note: arch review task includes a note for PTLs to share project dependencies as part of the review.
    • New task to color code the Impact View Per Component page
5 mins

Upcoming Events



  • Krzysztof Opasiak notes that he will be taking 6 months away from the ONAP project, beginning Dec 23, to complete his PhD program.  
    • Krzysztof would like to rejoin ONAP at the conclusion of his program, but it's unclear whether that will be possible.
    • This leaves OOM with a single committer (Sylvain Desbureaux)
      • Flag to TSC
10 mins

Remaining Action Items



Zoom Chat Log 

06:05:20 From Sylvain Desbureaux (Orange) : Only the braves are here ;)
06:05:38 From Muddasar : [removed emoji]
06:18:17 From Bob Heinemann  : Pawel what is the CVE number?  I'd like to review it.
06:20:15 From Paweł Pawlak : CVE-2021-44228
06:20:23 From Bob Heinemann  : Thank you
06:20:41 From David McBride  To  Chaker Al-Hakim(privately) : Chaker - are you still available? We can’t hear you.
06:20:57 From Paweł Pawlak : More details available in this article: https://www.kaspersky.com/blog/log4shell-critical-vulnerability-in-apache-log4j/43124/
06:21:10 From Paweł Pawlak : thank you Krzysztof for sharing!
06:23:34 From Sylvain Desbureaux (Orange) : Lot of ONAP components are using logbook and should not be impacted
06:24:05 From Paweł Pawlak : I agree with you Sylvain
06:25:54 From Sylvain Desbureaux (Orange) : The bad news is that AAF uses log4j (but I don’t know if it’s 1 or 2 [removed emoji])
06:26:40 From Paweł Pawlak : Let me check that
06:27:39 From Bob Heinemann  : This article has a very accessible chart explaining how the log4j attack is executed: https://www.helpnetsecurity.com/2021/12/13/log4shell-update-cve-2021-44228/
06:28:16 From Paweł Pawlak : Most probably AAF uses log4j : 1.2.17
06:28:54 From Muddasar : 10/10- sounds critical to me.  Already reports of abuse.  Is there going to be an announcement to community?
06:30:28 From Sylvain Desbureaux (Orange) : Agreed Pawel: https://github.com/onap/aaf-authz/blob/master/pom.xml#L362
06:32:18 From Dan TIMONEY (AT&T) : According to that article, the log4j vulnerability applies to versions starting with 2.0-beta9 through 2.14.1 … so those projects still on log4j 1.x should not be affected
06:32:51 From Sylvain Desbureaux (Orange) : Yep, it’s good news IMHO
06:33:50 From Dan TIMONEY (AT&T) : Yup … log4j -> log4j2 is a little painful (the format of the log4j properties is completely different)
06:35:18 From Sylvain Desbureaux (Orange) : Dan, does SDNC use log4j2? I see a configuration with `log4j2.property` in it
06:46:53 From Michal JAGIELLO (T-Mobile PL) : Does SDC use log4j v2.13.1 https://github.com/onap/sdc/blob/master/pom.xml#L108?
06:47:35 From Sylvain Desbureaux (Orange) : What I’ve seen so far:
06:48:14 From Sylvain Desbureaux (Orange) : * vnfsdk: https://github.com/onap/vnfsdk-refrepo/blob/master/vnfmarket-be/vnf-sdk-marketplace/pom.xml#L69-L71
06:48:44 From Sylvain Desbureaux (Orange) : * DMaap MR: https://github.com/onap/dmaap-messagerouter-msgrtr/blob/master/pom.xml#L44
06:49:32 From Michal JAGIELLO (T-Mobile PL) : DMaaP MR Messageservice: https://github.com/onap/dmaap-messagerouter-messageservice/blob/master/pom.xml#L68
06:49:40 From Sylvain Desbureaux (Orange) : * sdc: https://github.com/onap/sdc/blob/master/pom.xml#L108 (but logback is also present)
06:50:29 From Sylvain Desbureaux (Orange) : * vid: https://github.com/onap/cli/blob/master/framework/pom.xml#L57-L59
06:52:01 From Sylvain Desbureaux (Orange) : * oom cert service: https://github.com/onap/oom-platform-cert-service/blob/master/pom.xml#L48
06:53:47 From Michal JAGIELLO (T-Mobile PL) : DMaaP messagerouter mirroragent https://github.com/onap/dmaap-messagerouter-mirroragent/blob/master/pom.xml#L42
06:55:30 From Kenny PAUL (LFN) : need to drop to get the SPC call going.
06:56:53 From Michal JAGIELLO (T-Mobile PL) : Found something in ccsdk-parent https://github.com/onap/ccsdk-parent/blob/master/dependencies-bom/pom.xml#L219

Action Items 
