16:58:24 #startmeeting tsc 16:58:24 Meeting started Thu Feb 21 16:58:24 2019 UTC. The chair is abhijitk. Information about MeetBot at http://ci.openstack.org/meetbot.html. 16:58:24 Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 16:58:24 The meeting name has been set to 'tsc' 16:58:39 #topic Agenda Bashing & Roll Call 16:58:45 #info abhijitk 16:59:08 Zoom taking its sweet time to join :) 16:59:55 Who else is on the call? 17:00:26 abhijitk, Hi, I see "The host has another meeting in progress. Do I have the right link? 17:00:36 I also have the same issue 17:00:50 I see, ok 17:00:54 It should work - and normally works 17:01:03 just started working 17:01:21 #info skitt 17:01:57 Still having issues joining 17:02:27 #info jamoluhrsen 17:02:52 #chair jamoluhrsen dfarrell07 skitt CaseyLF 17:02:52 Current chairs: CaseyLF abhijitk dfarrell07 jamoluhrsen skitt 17:03:08 abhijitk: try to join now? 17:03:36 Yes - but it's still giving me the progress wheel 17:03:43 abhijitk: kill it and try again 17:03:47 of connecting 17:03:49 we're mostly all here 17:03:56 abhijitk: wrong link maybe? use this one https://zoom.us/j/219174946 17:04:00 Yes - that's after killing 17:04:59 #info rovarga 17:05:05 #info Thanh Ha 17:05:08 abhijitk: once again with the kill and join? 17:05:15 abhijitk: should be working normally now 17:05:18 #project odlparent yangtools mdsal controller netconf bgpcep coretutorials infrautils 17:05:23 * rovarga sorely needs a macro 17:05:55 #project lispflowmapping 17:06:02 #info Prem #project coe 17:07:17 fyi, i have conflicting meeting, i cannot attend today, premsankar will be my proxy in case anyvote is required 17:07:17 #topic ONAP and CII vulnerabilities 17:07:19 #info shague 17:08:15 adetalhouet: good to hear from you again! 17:08:44 ONAP representatives: Dan Timoney, Taka Cho, Pawel Pawlak 17:09:10 #info ONAP projects depend on CCSDK which depends on ODL 17:09:25 #info ONAP representatives: Dan Timoney, Taka Cho, Pawel Pawlak 17:09:28 #info ONAP projects need to list vulns in their repos, and some of them come from ODL 17:10:46 zxiiro, nice to be around :) 17:11:49 #info ONAP's suggestion is to create a tiger team with ODL and ONAP representatives to discuss the issues and come up with an action plan 17:13:39 #info on the ODL side, we need to know what version of ODL ONAP is using 17:13:56 #info Oxygen SR4 fixed a number of issues, and is about to stop being supported 17:14:41 #info quite a few of the issues reported are related to projects such as tsdr, sxp etc. which are self-managed or being removed 17:15:03 #info so we also need to know how ONAP is assembled and what ODL projects ONAP needs 17:15:12 #info ONAP Dublin is based on Fluorine SR1 17:15:27 #info ONAP pulls in the full Karaf tarball from ODL 17:15:52 #info ONAP wonder what licensing impact it would have if ONAP rebuilds their own Karaf distribution 17:16:18 #info rovarga points out that there is no issue in this regard, and fd.io rebuilds many ODL projects 17:16:32 #info ONAP would need to check with LFN legal 17:18:14 https://docs.opendaylight.org/en/latest/release-process/release-schedule.html 17:18:21 #link https://docs.opendaylight.org/en/latest/release-process/release-schedule.html ODL rel schedule 17:19:26 #info Fluorine has fewer projects than Oxygen so upgrading to Fluorine should reduce the security footprint 17:20:43 #info re moving forward, rovarga suggests ONAP should switch to a minimal distribution with only their requirements, and then we can revisit the security impact of dependencies 17:20:43 ONAP actions: 17:20:43 - get latest 17:20:43 - run vulnerabilities analysis 17:20:43 - get back to ODL 17:20:43 - look into building our own distro 17:23:49 dfarrell07, valid and fair point. 17:24:15 #info dfarrell07 points out that ONAP would benefit from participating more in the ODL communities they depend on 17:24:49 #info ONAP asking for an ONAP-specific ODL build, so they can have a single ODL point of reference and use ODL CSIT 17:28:09 #info dfarrell07 thinks ranked value of options is: 1. Get more involved in ODL, get the folks benefiting from ODL contributing back to ODL 2. Make sure you're closely following ODL release cycle to get the things we're fixing 3. Reduce exposure area with minimal distro. 17:31:38 adetalhouet: thanks for driving this, and again, always good to hear from you :) 17:32:17 dfarrell07, sure, of course 17:34:39 #info Next steps are for ONAP to spec out MVP of what they need in a distro; for ONAP to figure out plan for contributing to ODL to keep it healthy in the long-term; be aware that some minimal benefit may come from even-more-closely following release train 17:35:50 #topic Sodium DDF 17:35:53 Thank you all for time and help. Appreciated. 17:36:13 #link https://wiki.opendaylight.org/view/Events:Sodium_Dev_Forum 17:38:15 #info Sodium DDF planned in the Ericsson Santa Clara conference rooms on April 1 and 2 17:41:03 #info desperate plea for topic submissions 17:41:30 #info the DDF will be open to external participants, but we need ODL contributors to submit topics 17:42:05 #topic Releases 17:43:28 #info Daniel De La Rosa and Ariel Adam working on the transition 17:54:42 #link https://jenkins.opendaylight.org/releng/view/autorelease/job/autorelease-release-neon-mvn35-openjdk8/ autorelease is failing, last 7 in a row 17:58:40 #endmeeting