Attendees & Representation (default sort: member first name)
TAC Members and Project representatives should mark their attendance below
Non-TAC project reps do not count towards meeting quorum
X = Present | P = Proxy (Indicate in the table with @name for @name
| Member | Representing | Member | Representing | Member | Representing | |||
|---|---|---|---|---|---|---|---|---|
| ODIM (sandbox) | FD.io (TAC) | Orange | ||||||
| Anuket (TAC) | @Eyal Felstaine | Amdocs | Nokia | |||||
@Anil Guntupalli | Verizon | Cisco | TF (incubation) | |||||
@Anil Kapur | Juniper | IBM | ||||||
| AT&T | Huawei | Samsung | ||||||
Catherine Lefevre - proxy: Timo Perala | ONAP (TAC) | China Mobile | ODL (TAC) | |||||
| ZTE | Deutsche Telekom | Intel | ||||||
| Ericsson | Walmart | Red Hat | ||||||
| Tech Mahindra | OPX (sandbox) | China Telecom | ||||||
| @Qihui Zhao | XGVela (sandbox) |
LF Staff: Kenny Paul, Casey Cain, LJ Illuzzi, Brandon Wick , Jim Baker
Others: Amy Zwarico, Nicholas Karimi, Tina Tsou
Agenda
- Start the Recording
- We will start by mentioning the project's Antitrust Policy, which you can find linked from the LF and project websites. The policy is important where multiple companies, including potential industry competitors, are participating in meetings. Please review and if you have any questions, please contact your company legal counsel. Members of the LF may contact Andrew Updegrove at the firm Gesmer Updegrove LLP, which provides legal counsel to the LF.
- Roll Call Today's Quorum == 7
- Action Items Review
- Agenda Bashing
- General Topics
- Developer & Testing Forum Update
- Introduction of Committer Representative to the TAC Amy Zwarico
- TAC attendance at TSC meetings
- Committer representative election mechanics
- Discussion: how to resolve communities that have different voting populations for different classes in a TSC? Community picks which voting class or take the broadest class.
- VOTE: For the committer representative election, the eligible voter population for each community will match that community's voting population for their TSC elections.
- Whitepaper updates Ranny Haiby
- LFN-wide security - discussion Ranny Haiby Amy Zwarico
- Any Other Topics
Minutes
Introduction of Amy Zwarico
- Active in SECCOM.Policy, and Integration team in ONAP
- Representing the concerns of the committers to the GB
- during introductions Casey Cain noted that TF rep has left the community and a new TAC rep has not been selected yet.
Developer & Testing Forum
- Next week: -
- Please register, it's free!
- Registration
- Schedule
TAC members attending TSC meetings
- Intent: Get TAC members to attend the project TSC meetings that are not a part of the daily working routine to gain more perspective
- Casey CainTo share out the meeting schedules for all the TSC meetings to facilitate TAC member drop-ins
LFN-wide Security
- Ranny Haiby On-going need for security best practice exchange for all LFN projects
- Perhaps a forum for on-going dialogue on security topics?
- Informal engagements - not a requirements generation body
- Also need a unified LFN messaging about security
- Amy Zwarico Great idea - ONAP experience has given some best practices
- Security includes additional work for all project teams
- Getting LFN wide approaches to security would be useful
- Security requirements are a part of every release
- Some interdependencies between projects exist - so uniform approaches are important (eg. ONAP and ODL)
- EVERY component of ONAP pulls in other upstream code - many external dependencies
- Brian Freeman SolarWinds was a supply chain attack - so treating all the attack surfaces and supply chain is essential
- A TAC recommendation would be useful to help establish the minimum acceptable
- The component list is long: MariaDB, K8s, etc. - all have extensive SW BOM
- Next Steps
- Proposal: Start with a mailing list and wiki space for sharing security tools/processes
- Morgan Richomme A TAC recommendation on basics would be useful
- Build/publish docker containers should be more automated with more scanners as provided by LF IT
- Claiming security when not being thorough is worse than not claiming/doing anything.
Committer representative election mechanics
- How to enable communities that have different structures than just committers/contributors?
- Proposal: Each community provides the list of eligible voters for the committer representative election
- RESOLVED: The TAC agrees that the eligible voter population for the Committer Representative shall match that community's voting population for their TSC General Elections.
- Vote: https://wiki.lfnetworking.org/x/hoRXAw
- #agreed
- Feedback:
- Al MortonEmail discussion was supportive of community designated voter population
- Ranny Haiby No perfect solution - error on the side on inclusivity
- Jason Hunt Agree allow communities to designate the voter pool per community
- Jason Hunt Multiple voting populations should be MORE inclusive (use the largest population)
- Brian Freeman If they can vote for TSC members - then they can vote for the committer representative
- Kenny Paul ONAP and Anuket have broad inclusion in elections. ODL TSC has two classes: committers AND active community members. FD.io - no data
- Brian FreemanAll populations that can vote for general TSC seats, also can vote for the committer representative
Action items
- Kenny Paul create lfn-security list
- Ranny Haiby create LFN security space on wiki
1 Comment
Robert Varga
With my security@lists.odl hat on: Kenny Paul Amy Zwarico what do you think the relationship of lfn-security be to project security mailing lists should be? I bet we can benefits by sharing a single LFN-wide administrative contact for security to the outside world.
Since a number of Maven Central artifacts enter the LFN ecosystem through OpenDaylight's ODL Root Parent definitiions (for example the contract with org.apache.karaf), I am always keen to hear what we can do better (especially with regards to metadata we can generate automatically).