14:03:09 <bryan_att> #startmeeting Acumos TSC Security Committee
14:03:09 <collabot> Meeting started Tue Jul 17 14:03:09 2018 UTC.  The chair is bryan_att. Information about MeetBot at http://wiki.debian.org/MeetBot.
14:03:09 <collabot> Useful Commands: #action #agreed #help #info #idea #link #topic.
14:03:09 <collabot> The meeting name has been set to 'acumos_tsc_security_committee'
14:18:53 <bryan_att> #topic Agenda
14:19:09 <bryan_att> #info Standing agenda minus S-V (in progress)
14:20:10 <bryan_att> #info Manoop: CI best practices: https://bestpractices.coreinfrastructure.org
14:21:53 <talasila> https://wiki.acumos.org/display/REL/Security+Vulnerability+Threat+Template
14:22:03 <bryan_att> #info Manoop: security checklist
14:24:47 <talasila> https://jira.acumos.org/browse/ACUMOS-1094
14:29:30 <bryan_att> #info Nexus-IQ produces a report that will be reviewed by the PTLs and (1) any issues corrected; (2) any false positives explained and removed from future reports
14:30:27 <bryan_att> #info Bryan: we should investigate using Nexus-IQ for model scanning
14:37:02 <talasila> [Acumos Helpdesk #58195] All the CLM jobs are failing since July 7
14:41:00 <bryan_att> #info Bryan: the Nexus-IQ tool does seem to address the goals for the project scanning; we need to work with PTLs to get them familiar and addressing the issues
14:42:21 <bryan_att> #info In the meantime we will review (on these calls) the items for core components and provide input to the PTL on this call - we will invite the PTLs to meetings planned to review their components
14:43:08 <bryan_att> #info To start with CDS and portal, then onboarding and design studio; then we will have a working process and tackle the rest
14:44:34 <bryan_att> #info Manoop: we will come up with a plan for this release and following as needed
14:45:48 <bryan_att> #info We will list the items at a high level and address details offline
14:47:48 <bryan_att> #info Present: Bryan, Farheen, Guy, Manoop, Nat
14:52:23 <talasila> Hardening the Acumos platform involves areas like: Performance, Stability, Resiliency, Security, Scalability, Manageability, Usability
14:56:52 <bryan_att> #info Bryan: for deployment hardening we should consider whether more customized microservice kernels, à la what can be built using linuxkit, will provide any security or other advantages (e.g. efficiency, in terms of container size or resources when running).
14:57:45 <bryan_att> #info Guy: size-savings may be limited as much of the end-size of a container is the ML libraries/tools that are loaded during container generation
15:00:09 <bryan_att> #info Next meeting we will put CDS and Portal Nexus-IQ report discussion as the primary agenda items
15:00:52 <bryan_att> #endmeeting