14:03:09 <bryan_att> #startmeeting Acumos TSC Security Committee
14:03:09 <collabot> Meeting started Tue Jul 17 14:03:09 2018 UTC. The chair is bryan_att. Information about MeetBot at http://wiki.debian.org/MeetBot.
14:03:09 <collabot> Useful Commands: #action #agreed #help #info #idea #link #topic.
14:03:09 <collabot> The meeting name has been set to 'acumos_tsc_security_committee'
14:18:53 <bryan_att> #topic Agenda
14:19:09 <bryan_att> #info Standing agenda minus S-V (in progress)
14:20:10 <bryan_att> #info Manoop: CI best practices: https://bestpractices.coreinfrastructure.org
14:21:53 <talasila> https://wiki.acumos.org/display/REL/Security+Vulnerability+Threat+Template
14:22:03 <bryan_att> #info Manoop: security checklist
14:24:47 <talasila> https://jira.acumos.org/browse/ACUMOS-1094
14:29:30 <bryan_att> #info Nexus-IQ produces a report that will be reviewed by the PTLs and (1) any issues corrected; (2) any false positives explained and removed from future reports
14:30:27 <bryan_att> #info Bryan: we should investigate using Nexus-IQ for model scanning
14:37:02 <talasila> [Acumos Helpdesk #58195] All the CLM jobs are failing since July 7
14:41:00 <bryan_att> #info Bryan: the Nexus-IQ tool does seem to address the goals for the project scanning; we need to work with PTLs to get them familiar and addressing the issues
14:42:21 <bryan_att> #info In the meantime we will review (on these calls) the items for core components and provide input to the PTL on this call - we will invite the PTLs to meetings planned to review their components
14:43:08 <bryan_att> #info To start with CDS and portal, then onboarding and design studio; then we will have a working process and tackle the rest
14:44:34 <bryan_att> #info Manoop: we will come up with a plan for this release and following as needed
14:45:48 <bryan_att> #info We will list the items at a high level and address details offline
14:47:48 <bryan_att> #info Present: Bryan, Farheen, Guy, Manoop, Nat
14:52:23 <talasila> Hardening the Acumos platform involves the areas like: Performance, Stability, Resiliency, Security, Scalability, Manageability, Usability
14:56:52 <bryan_att> #info Bryan: for deployment hardening we should consider whether more customized microservice kernels ala what can be built using linuxkit, will provide any security or other advantages (e.g. efficiency, in terms of container size or resources when running).
14:57:45 <bryan_att> #info Guy: size-savings may be limited as much of the end-size of a container are the ML libraries/tools that are loaded during container generation
15:00:09 <bryan_att> #info Next meeting we will put CDS and Portal Nexus-IQ report discussion as the primary agenda items
15:00:52 <bryan_att> #endmeeting