========================== #opendaylight-meeting: tsc ========================== Meeting started by abhijitk at 16:58:24 UTC. The full logs are available at http://meetings.opendaylight.org/opendaylight-meeting/2019/tsc/opendaylight-meeting-tsc.2019-02-21-16.58.log.html . Meeting summary --------------- * Agenda Bashing & Roll Call (abhijitk, 16:58:39) * abhijitk (abhijitk, 16:58:45) * skitt (skitt, 17:01:21) * jamoluhrsen (jamoluhrsen, 17:02:27) * rovarga (rovarga, 17:04:59) * Thanh Ha (zxiiro, 17:05:05) * Prem #project coe (premsankar, 17:06:02) * ONAP and CII vulnerabilities (skitt, 17:07:17) * shague (shague, 17:07:19) * ONAP projects depend on CCSDK which depends on ODL (skitt, 17:09:10) * ONAP representatives: Dan Timoney, Taka Cho, Pawel Pawlak (abhijitk, 17:09:25) * ONAP projects need to list vulns in their repos, and some of them come from ODL (skitt, 17:09:28) * ONAP's suggestion is to create a tiger team with ODL and ONAP representatives to discuss the issues and come up with an action plan (skitt, 17:11:49) * on the ODL side, we need to know what version of ODL ONAP is using (skitt, 17:13:39) * Oxygen SR4 fixed a number of issues, and is about to stop being supported (skitt, 17:13:56) * quite a few of the issues reported are related to projects such as tsdr, sxp etc. which are self-managed or being removed (skitt, 17:14:41) * so we also need to know how ONAP is assembled and what ODL projects ONAP needs (skitt, 17:15:03) * ONAP Dublin is based on Fluorine SR1 (skitt, 17:15:12) * ONAP pulls in the full Karaf tarball from ODL (skitt, 17:15:27) * ONAP wonder what licensing impact it would have if ONAP rebuilds their own Karaf distribution (skitt, 17:15:52) * rovarga points out that there is no issue in this regard, and fd.io rebuilds many ODL projects (skitt, 17:16:18) * ONAP would need to check with LFN legal (skitt, 17:16:32) * LINK: https://docs.opendaylight.org/en/latest/release-process/release-schedule.html (dfarrell07, 17:18:14) * LINK: https://docs.opendaylight.org/en/latest/release-process/release-schedule.html ODL rel schedule (dfarrell07, 17:18:21) * Fluorine has fewer projects than Oxygen so upgrading to Fluorine should reduce the security footprint (skitt, 17:19:26) * re moving forward, rovarga suggests ONAP should switch to a minimal distribution with only their requirements, and then we can revisit the security impact of dependencies (skitt, 17:20:43) * dfarrell07 points out that ONAP would benefit from participating more in the ODL communities they depend on (skitt, 17:24:15) * ONAP asking for an ONAP-specific ODL build, so they can have a single ODL point of reference and use ODL CSIT (skitt, 17:24:49) * dfarrell07 thinks ranked value of options is: 1. Get more involved in ODL, get the folks benefiting from ODL contributing back to ODL 2. Make sure you're closely following ODL release cycle to get the things we're fixing 3. Reduce exposure area with minimal distro. (dfarrell07, 17:28:09) * Next steps are for ONAP to spec out MVP of what they need in a distro; for ONAP to figure out plan for contributing to ODL to keep it healthy in the long-term; be aware that some minimal benefit may come from even-more-closely following release train (dfarrell07, 17:34:39) * Sodium DDF (abhijitk, 17:35:50) * LINK: https://wiki.opendaylight.org/view/Events:Sodium_Dev_Forum (abhijitk, 17:36:13) * Sodium DDF planned in the Ericsson Santa Clara conference rooms on April 1 and 2 (abhijitk, 17:38:15) * desperate plea for topic submissions (skitt, 17:41:03) * the DDF will be open to external participants, but we need ODL contributors to submit topics (skitt, 17:41:30) * Releases (abhijitk, 17:42:05) * Daniel De La Rosa and Ariel Adam working on the transition (abhijitk, 17:43:28) * LINK: https://jenkins.opendaylight.org/releng/view/autorelease/job/autorelease-release-neon-mvn35-openjdk8/ autorelease is failing, last 7 in a row (dfarrell07, 17:54:42) Meeting ended at 17:58:40 UTC. People present (lines said) --------------------------- * skitt (20) * abhijitk (19) * adetalhouet (12) * dfarrell07 (12) * odl_meetbot (4) * rovarga (3) * zxiiro (3) * shague (1) * LuisGomez (1) * premsankar (1) * jamoluhrsen (1) * lori_ (1) * CaseyLF (0) Generated by `MeetBot`_ 0.1.4