Please find below the Minutes of Meetings and recording for the SECCOM meeting that was held on 7th of Juy 2020.
| Jira No | Summary | Description | Status | Solution |
|---|---|---|---|---|
| Service Mesh PoC status update | -Now work on migrating yaml files to proper helm templates (2.0 supported by ONAP, no resources so far for 3.0 – evident benefit: no limit for chart size), infra part to be added to OOM scripts, then first ONAP component to be migrated to service mesh. | ongoing | ||
Support for projects with python upgrades - Michal | Michal is supporting SDC and DCAE projects. For the DCAE support is tracked under DCAEGEN2-2292 - Getting issue details... STATUS : -An unofficial library usage is not a preferred solution as it later requires a maintenance. We recommend to wait until July, when open source Cloudify version is available - if only you would be enough time to perform all required activities within August time frame – to be confirmed with Michal. -For the PyPy Python Interpreter in 3.6 SECCOM is fine with that in Guilin release - in H release upgrade to version 3.8 could be planned (we don't expect significant effort with that – to be confirmed with Michal. | ongoing | To provide SECCOM feedback under Jira item - done. | |
| https://jira.onap.org/browse/DCAEGEN2-2270 | DCAE components upgrade | DCAE uses 1.3 branch of drop wizard. Maven recommendation of latest version is 2.0.11. Influence on jetty upgrade. SECCOM Recommendation: as Jetty vulnerability is priority 2 for SECCOM, it is acceptable that they can not do the upgrade. Our preference is to upgrade drop wizard to 2.0 version train. For Honolulu release DCAE must upgrade jiraDCAEgen2270 | ||
LFN Developer and Testing Forum: June 22nd-25th | Virtual Event. - summary: Several security oriented presentations provided by Amy and Krzysztof: -Service Mesh PoC status update - Krzysztof -License and security – docker base images - Krzysztof -OOM status update and logs management with Kubernetes – Krzysztof/Sylvain -SECCOM non functional requirements - Amy -Packages upgrades - Amy | Done | ||
| Images updates | Alpine vs. Ubuntu vs. Debian vs. CentOS – PTLs call summary: Alpine has GPLv3 licensing so as huge part of Linux commands (90%). CCSDK need Alpine. Policy is using Debian. Bash and GPLv3 discussion. But we will not do any changes to Bash. Kernel is covered by GPLv2. GPLv3 is copyleft when you redistribute the images. Each operator could check internally if GPLv3 is problematic. | Krzysztof is working on providding full list of licenses used in Alpine. | ||
| Upgrading packages | Policy team completed their upgrades! - congratulations! | |||
| OUR NEXT SECCOM MEETING CALL WILL BE HELD ON 11th OF JULY'20. | Topics proposed:
|