Please find below the Minutes of Meetings and recording for the SECCOM meeting that was held on 7th of July 2020.

Jira No | Summary | Description | Status | Solution

Service Mesh PoC status update

-Work is now on migrating YAML files to proper Helm templates (2.0 supported by ONAP, no resources so far for 3.0 – evident benefit: no limit for chart size), infra part to be added to OOM scripts, then first ONAP component to be migrated to service mesh.

ongoing

Support for projects with python upgrades - Michal

Michal is supporting SDC and DCAE projects.

For DCAE, the support is tracked under DCAEGEN2-2292:

-Using an unofficial library is not a preferred solution, as it later requires maintenance. We recommend waiting until July, when the open source Cloudify version is available, provided there would be enough time to perform all required activities within the August time frame – to be confirmed with Michal.

-For the PyPy Python interpreter in 3.6, SECCOM is fine with that in the Guilin release; in the H release an upgrade to version 3.8 could be planned (we don't expect significant effort with that) – to be confirmed with Michal.

ongoing

To provide SECCOM feedback under Jira item - done.
https://jira.onap.org/browse/

DCAEGEN2-2270

DCAE components upgrade

DCAE uses the 1.3 branch of Dropwizard. Maven recommendation of latest version is 2.0.11. Influence on Jetty upgrade. SECCOM Recommendation: as the Jetty vulnerability is priority 2 for SECCOM, it is acceptable that they cannot do the upgrade. Our preference is to upgrade Dropwizard to the 2.0 version train. For the Honolulu release DCAE must upgrade Jetty (Jira DCAEGEN2-2270).


ONAP Images

Krzysztof has sent an e-mail to ONAP TSC and ONAP distribution list to ask TSC to vote on a list of approved licenses for our docker images.

GPLv3 = in the context of redistribution of modifications: apart from providing the source code, a mechanism and instructions on how to replace the package with a version modified by the end user must be provided.

In general companies are not very happy to provide such instructions.

Making available = redistributing.

waiting for feedback

Problem stated clearly enough.

Base image

Questions keep coming to SECCOM, but we can recommend versions, not base images. Ownership of base images is more on the Integration side.

ongoing

Morgan to be contacted to confirm his ownership to maintain base images.

Flow matrix

Catherine asked to close this req-376 - Wiki created to collect data from PTLs. Catherine to be contacted and topic to be proposed at the next PTLs meeting.

ongoing

E-mail to be sent to Catherine to explain that this requirement does not put any additional effort on PTLs - just provide information.

Harbor follow-up. No slot reserved so far for the TSC meeting to present.

pending

To consult Eric.

LFN Developer and Testing Forum: June 22nd-25th 

Virtual Event. - summary:

Several security oriented presentations provided by Amy and Krzysztof:

-Service Mesh PoC status update - Krzysztof

-License and security – docker base images - Krzysztof

-OOM status update and logs management with Kubernetes – Krzysztof/Sylvain

-SECCOM non functional requirements - Amy 

-Packages upgrades - Amy

Done

Images updates

Alpine vs. Ubuntu vs. Debian vs. CentOS – PTLs call summary:

Alpine has GPLv3 licensing, as does a huge part of Linux commands (90%). CCSDK needs Alpine. Policy is using Debian.

Bash and GPLv3 discussion. But we will not do any changes to Bash. Kernel is covered by GPLv2. GPLv3 is copyleft when you redistribute the images.

Each operator could check internally if GPLv3 is problematic. 

Krzysztof is working on providing a full list of licenses used in Alpine.

Upgrading packages

Policy team completed their upgrades! - congratulations!


OUR NEXT SECCOM MEETING CALL WILL BE HELD ON 11th OF JULY'20. 

Topics proposed:

  • Testing proposal – Sylvain


Attached files:

  • 2020-07-07_SECCOM_week.mp4
  • 2020-07-07 ONAP Security Meeting - AgendaAndMinutes.pptx