|Agenda Item||Requested by||Notes / Links|
|Recommendations from security sub-committee to the TSC for approval.|
|S3P table update & release status|
|Functional Requirements status||Beijing Functional Requirements for TSC Approval|
|Integration status||Helen Chen|
|Architecture Recommendations||Chris Donley|
|Project scope review?||Stephen Terrill|
Moved to Jan 25 meeting
Full IRC Log
13:55:21 <kennypaul> #startmeeting tsc 2017-01-11 13:55:21 <collabot> Meeting started Thu Jan 11 13:55:21 2018 UTC. The chair is kennypaul. Information about MeetBot at http://wiki.debian.org/MeetBot. 13:55:21 <collabot> Useful Commands: #action #agreed #help #info #idea #link #topic. 13:55:21 <collabot> The meeting name has been set to 'tsc_2017_01_11' 13:55:31 <kennypaul> #chair phrobb 13:55:31 <collabot> Current chairs: kennypaul phrobb 13:55:41 <kennypaul> #topic rollcall 13:58:05 <alla_> #info Alla Goldner, Amdocs 14:00:24 <frankbrockners> #info Frank Brockners 14:00:28 <amir_levy> #info Amir Levy Cloudify 14:00:48 <cdonley> #info Chris Donley Huawei 14:00:49 <RannyHaiby> #info Ranny Haiby, Nokia 14:01:21 <rajeshgadiyar> #info Rajesh Gadiyar Intel 14:02:40 <jamil> #info jamil for Orange 14:02:42 <xinhuili> #info xinhui li, VMware 14:02:43 <JasonHunt> #info Jason Hunt, IBM 14:03:08 <ningso> #info Ning So, Reliance Jio 14:03:54 <gilbert> #info mazin 14:03:58 <kennypaul> #info Lingli Deng, CMCC 14:04:12 <Zhaoxing> #info Zhaoxing Meng, ZTE 14:06:07 <SteveT> #info Stephen Terrill, Ericsson 14:09:05 <kennypaul> #topic Security recommendations 14:09:07 <phrobb> #topic Security Subcommittee Readout 14:10:37 <phrobb> #info SteveT explains the static scanning and the build-time dependency scanning that is possible 14:11:04 <phrobb> #info 2 proposals for each of these types of scanning 14:12:11 <phrobb> #info for Static scanning, the committee recommends Coverity. It looks to be good enough to begin with for the project. The recommendation is to have a weekly scan via Coverity and the result will be provided to the PTLs 14:12:53 <phrobb> #info the committee needs help from LF to deliver scan reports to PTLs 14:14:05 <DhananjayPavgi> #info Dhananjay Pavgi, Tech Mahindra 14:14:06 <phrobb> #info New release cycle requirements - M3 No high level vulnterabilities and M4 No high or medium level vulnerabilities 14:16:27 <frankbrockners> FYI - many projects use coverity https://scan.coverity.com/projects 14:16:43 <frankbrockners> see e.g. for OpenDaylight: https://scan.coverity.com/projects/opendaylight 14:17:42 <frankbrockners> or FD.io/VPP: https://scan.coverity.com/projects/fd-io-vpp 14:21:57 <kennypaul> #info discussion over whether to start scans w/ Amsterdam or Beijing 14:23:31 <kennypaul> #info request is also for LF to integrate coverity scan into ci/cd 14:24:01 <kennypaul> #info administration will be required on the part of the community 14:24:28 <Susana_> #info Susana Sabater, Vodafone 14:24:44 <kennypaul> #action kennypaul submit ticket for coverity scanning 14:25:56 <kennypaul> #info request for nexus-iq scanning be made available to the PTLs 14:26:47 <kennypaul> #info LF ready to open the reports to PTLs 14:29:35 <kennypaul> #agreed the requests outlined in the presentation materials will be adopted 14:33:46 <kennypaul> #info request the LF will check on the ability to open up nexus to community. 14:34:27 <kennypaul> #info request ability for community to make manual runs 14:35:22 <kennypaul> #action Pam to submit a ticket, cc kenny and phil 14:35:49 <kennypaul> #topic Release Status 14:36:16 <kennypaul> #info gildaslanilis reviewed his slides 14:39:46 <kennypaul> #link https://wiki.onap.org/display/DW/Beijing+Release+Platform+Maturity 14:41:06 <kennypaul> #action PTLS for projects that have not updated above link must provide status by toimorrow. 14:42:29 <nagu> #info nagaraja sr, Infosys 14:46:09 <kennypaul> #info discussion of Music project 14:46:57 <kennypaul> #info does project proposal align with OOM. 14:47:03 <kennypaul> ? 14:48:03 <kennypaul> #info There is overlap w/ OOM 14:55:09 <kennypaul> #info key players on OOM are unavailable 14:59:16 <kennypaul> #info certificate and secret management agreed to be part of AAF 14:59:39 <kennypaul> #info integration team blocked by a couple of bugs 15:01:20 <kennypaul> #action meeting w/ following people regarding music/oom 15:01:44 <kennypaul> #info firstname.lastname@example.orgemail@example.com??Roger.Maitland@amdocs.com??Mike.Elliott@amdocs.com??Mandeep.Khinda@firstname.lastname@example.orgemail@example.comfirstname.lastname@example.org 15:03:26 <kennypaul> #topic Functional Requirements 15:03:50 <kennypaul> #info Alla Goldner reviewed the slides 15:05:28 <kennypaul> #info (OOM/Music) Also email@example.com for meeting 15:06:53 <kennypaul> #info HFA in best shape 15:11:07 <kennypaul> #info likely 3-4 will be ready by next week. 15:11:30 <kennypaul> #info focusing efforts on those 15:13:56 <kennypaul> #info likely requirements are HPA, Change Management, Auto scaling, Manul scaling, PNF 15:14:40 <kennypaul> #topic integrtation 15:14:54 <kennypaul> #info bl;ocked as mentioned before 15:15:54 <kennypaul> #topic Arch recommendations 15:16:37 <kennypaul> #info cdonley reviewed the slides 15:18:33 <kennypaul> #info #info asking teams to focus on documentation of apis 15:19:15 <kennypaul> #info standardise on swagger for api doc 15:21:43 <kennypaul> #info asking teams to standard on console for kv stores 15:22:35 <kennypaul> #info use common libs & services 15:23:43 <kennypaul> #info arch team will review progress @ M3 15:23:46 <gildaslanilis> #info Meeting for OOM and Music is scheduled to meet on Jan 11 for 11 am PST zoom ID: 22 29 35 56 44 15:25:03 <kennypaul> #info few outstanding components for containers, but all in containers is the goal 15:26:14 <kennypaul> #ingo discussion around M1 checklist 15:26:55 <kennypaul> #info chris is expecting teams will have a few jira tickets opened as part of M1 delivery. 15:27:49 <kennypaul> #info M1 template will be modified going forward. 15:31:39 <kennypaul> #topic upcoming meetings 15:33:02 <kennypaul> #info next week's meeting till be 2 hrs to accomodate M1 reviews 15:33:28 <kennypaul> #info all PTLs or a proxy are required next week 15:34:13 <kennypaul> #info SteveT project scope to be moved to jan 25. 15:34:20 <kennypaul> #endmeeting
Zoom Chat Log
06:05:37 From Alla Goldner : I think we agreed on dates for oNS collocated meeting
06:05:41 From Alla Goldner : march 25-27
06:08:01 From Mazin : Yes. Phil is looking for space.
06:08:57 From Mazin : The TSC meeting will probably happen on Sunday and perhaps monday morning. The rest of the week (Monday-Tuesday-Wednesday) will be subcommittee meetings and joint meetings with other forums
06:16:37 From Amy Zwarico : Will the first scan be on Beijing or Amsterdam?
06:17:32 From Dhananjay Pavgi : Shouldn't it be on Amsterdam Maint rel
06:17:46 From Amy Zwarico : That's what I think as well
06:17:59 From Randa Maher (AT&T) : Since we already release, Amsterdam should be scanned to establish the baseline and make sure Beijing does not introduce new ones and try to close out in Beijing as capacity allows
06:18:43 From Amy Zwarico : Additionally, the project can run Coverity scans themselves as they are producing code. That way they can fix problems early.
06:20:49 From Brian : she isnt saying dont track beijing
06:21:33 From Amy Zwarico : how much Beijing code has been committed?
06:22:15 From Dhananjay Pavgi : Suggest start with Ams Maint rel.
06:22:42 From Dhananjay Pavgi : Then do Delta with Beijing and merge with Beijing?
06:26:19 From Catherine Lefevre : For NEXUS IQ, i think we need to find a way to report false positive. currently we can consult but not perform any update
06:30:13 From Gildas Lanilis - Huawei : why do we limit Nexus-IQ to PTLs?
06:30:22 From Gildas Lanilis - Huawei : why not to open to all?
06:32:48 From Don Levy : committer is a good solution -- i don't think we want to publically share the vulnerability info
06:39:54 From DENG Hui : I am on business trip? will catch up soon
06:40:02 From Kenny Paul : https://wiki.onap.org/display/DW/Beijing+Release+Platform+Maturity
07:00:40 From Michael O'Brien : firstname.lastname@example.org
07:01:03 From Michael O'Brien : OOM/Music meet Meet
F. Michael O'Brien
07:04:32 From Rich Bennett : Kenny/Michael please add Nichola Hu email@example.com to the OOM/Music list
07:05:38 From Kenny Paul : got it
07:06:07 From Kenny Paul : and thanks again Michael!
07:13:25 From Michael O'Brien : sent a mail to Marc and everyone - on the chance he can come to this TSC meet
07:20:10 From Gildas Lanilis - Huawei : Regarding OOM-Music, I have send out the meeting invite.
07:25:33 From Brian : cant change M1 checklists
07:26:41 From Gildas Lanilis - Huawei : correct. we can't chnage checklist.
07:27:50 From Michael O'Brien: kenny, just an fyi that an email discussion already underway with David/OOM - Gildas has booked meet and we are underway - just to take this work item off your list - thanks
07:28:08 From Gildas Lanilis - Huawei : but we cann add any specific info needed within the M1 Release Teamplate, Architecture section.