Please find below the Minutes of Meetings and recording for the SECCOM meeting that was held on 4th of February 2020.
| Jira No | Summary | Description | Status | Solution |
|---|---|---|---|---|
| Java and the new model of licensing for Oracle JDK versus Open JDK – Natacha | Oracle JDK which is commercial - benefits updates Open JDK - like open source so free of charge but support for java 11 but not earlier versions. | Presentation was submitted to recent TSC meeting to ensure the common understanding of the risk. | TSC wants to know which distribution of the OpenJDK is used – Integration team/OOM to be contacted - discussion planned for next status meeting on Wednesday. SECCOM cares Java 11 and not particular distribution - we appreciate common image from governance perspectiveand harmonization - coordination on release manager side. Next steps: E-mail to be sent to Morgan with Pawel B. in copy to confirm if image is already created. | |
| Secrets management | Agreement achieved last week (Krzysztof and Samuli) | Written description is needed on the Wiki. | Once we have a written recommendation, it would be reviewed at the next SECCOM meeting and further presented at the TSC for an prroval - once gained it would become best practice. | |
| Script for automatic jira ticket generation of direct dependencies to be upgraded was successfully tested with CLAMP by Julien and Pierre. | 2 scripts were created in Python
| Scripts were reviewed as well as CLAMP. No specific feedback from SECCOM received from demo till today. | Nexts steps:
| |
| New xtesting security docker has been integrated end of last week. | Meeting on Wednesday with OOM and Integration. | Update next week. | ||
| Frankfurt M2/M3 scorecard SECCOM requirements update | Items reviewed:
| YELLOW RED YELLOW RED YELLOW GREEN YELLOW GREEN GREEN RED GREEN RED | Template to be created. | |
| OUR NEXT SECCOM MEETING CALL WILL BE HELD ON 11TH OF FEBRUARY'20 |