Versions Compared

Old Version 10

changes.mady.by.user LJ Illuzzi

Saved on

compared with

New Version Current

changes.mady.by.user LJ Illuzzi

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Meeting Recording

...

Meeting Chat File

Attendees & Representation. Please add your name to the attendance table below.

...

Attendees

Name

Company
Daniel HaveyMicrosoft

Eric Tice

Wipro

VM (Vicky) BrasseurWipro
Brian MerrellWalmart
Karan DalalWalmart
Balachandra KamatWipro
Dave ThalerMicrosoft
Divya ReddyWalmart

Jason Niesz

Walmart
Satya Pradhan
Kanthi P












LF Staff:  LJ Illuzzi

...

  • Cross platform signing
    • DaveT: Was anybody able to review the patch.
      • Brian: Went through the conversation
    • DaveT: Topic will be discussed in the eBPF foundation BSC meeting. 1 Week from today L3AF will be presenting. Next meeting - design of signing needs to be cross-platform.
      • Two proposals:
        • Matteo's - cross-platform, very well aligned with L3AFd.
          • Would be helpful if the L3AF community supported this proposal
        • Other - approved list of binaries (Linux centric)
          • Can load anything that is on the authorized list.
          • Does not meet L3AF or eBPF for Windows needs.
        • Would be fine if both were merged
    • DaveT: Cisco's (Chris) opinion would be very helpful
      • Weigh in on the Linux discussion group and on the BSC call.
      • Karan could add a bullet point to presentation - collective opinion of the L3AF community.
      • Brian: Add a point in your document about this?
        • Matteo's original patch was a config option to add only signed programs.
        • Alexi's other patch is moving forward
        • John Fastabend (on Linux discussion) and Luca agreed that the features needed by MSFT could be implemented inside of libBPF and as an eBPF program
        • This conversation ended on Dec. 9th (Before Matteo presented at L3AF)
      • DaveT: Meeting with Matteo after this call
      • Brian: L3AF could include the signing eBPF program as part of its eBPF program chain. (According to discussion on Linux group)
      • Vicky: Invite Matteo to next weeks meeting.
      • Have L3AF call next week to discuss signing before BSC meeting.
      • Louis: Will not be at the L3AF call next week , but will give the keys to an appropriate host.
  • Brian: L3AF Kernel Marketplace
    • https://github.com/l3af-project/l3af-arch/discussions/9
    • DaveT suggests adding this as a PR for line-level comments (Brian will do)
    • DaveT: Kernel functions only diss-allows eBPF programs that can be uploaded to NICs. Suggest a name change.
    • Vicky: Suggest package manager as a concept for the name. Define broadly. Names have power.
    • DaveT: The name implies scope.
  • Brian: What should we name it?
    • eBPF is difficult to say and will probably need an acronym.
    • Vicky: eBPF Package Manager == EPM
    • Karan: EPM / eBPF package manager does make a lot of sense, in terms of scope
  • Brian: is the Kernel Function Marketplace part of the L3AF project?
    • May make sense to migrate to its own project.
      • In the future a platform agnostic place may be apropos for the EPM
        • Vicky: L3AF could be its initial client. This could really help L3AF. Define it as something standardized that a package manager can use.
        • This way the EPM would be a force to increase L3AF adoption and help us push towards standardization for both EPM and L3AF.
    • DaveT: Benefits to both ways of doing this:
      • Inside L3AF then it is closely located with all the other parts of L3AF. This could help widen the scope of L3AF.
      • Outside L3AF then it can include things that do not work with the current version of L3AF.
      • There isn't a BSC opinion yet. It is forming now.
      • Distinguish between L3AFd and eBPF.
      • Answer: What is the L3AF project? 
        • Today it is the L3AFd, but in the future we will expand scope.
    • Vicky: EPM should be outside L3AF because there will be others working on it.
    • DaveT: Is it part of one of these or both?
      • Thing that LF sanctions - L3AFP (legal entity)
      • L3AFp - Github repo
  • DaveT: eBPF code signing portion in additional bullet point in the lifecycle management section.
    • Brian: 2 different layers of signing
      • Package contribs of compiled source code (signed). This is app layer packaging.
      • Signing of eBPF programs.
      • Doc only currently talks about package signing
    • DaveT: Please put that in proposal.
      • Some cases where signing should be done by author, others signed by the repository.
  • Brian: Initial version Github repo may be sufficient 
    • Assumes that everyone will be okay pushing their code to a L3AF Project repo
    • Revisions could be tested and reviewed by L3AF team
  • DaveT: Requiring manual review? Good/Bad?
    • Brian: Short term - no manual vetting
      • We currently do not have automatic review
    • DaveT: Requirement to have automated review.
    • Vicky: Marketplace needs manual review for safety.
    • DaveT: Manual review could be optional.
    • Vicky: Is part of the review going to be for security.
      • Automatic review - definitely. Manual reviews - maybe. (at the start)
    • DaveT: Notion of private repo
    • Jason: For startup we need manual review
  • Brian: Hosting source code or packages
    • Source code - versioning etc.
    • Package or archive - what is needed to run the program along with docs
      • Signed by repo
  • Karan: Please review doc. We will discuss in next meeting.
    • This is the area where we need support from the community.
  • Brian: Will put up the pull request today.
    • Please discuss on PR.
  • Louis: LEAF session is 8:15 ET will this work?
    • Daniel: Will check with Poorna
    • Need email for presenters.
  • LFN induction - Need a separate meeting to discuss this
    • Needs a lot of community input.
    • General agreement.



*** Minutes from 12/15/2021 ***

...