=====================================================
#acumos-meeting: Acumos Security Subcommittee Meeting
=====================================================

Meeting started by aimeeu at 14:15:08 UTC. The full logs are available at
http://ircbot.wl.linuxfoundation.org/meetings/acumos-meeting/2018/acumos-meeting.2018-07-31-14.15.log.html .

Meeting summary
---------------
* Roll Call (aimeeu, 14:15:47)
  * Bryan Sullivan AT&T, Daniel Sela - Amdocs (aimeeu, 14:18:52)

* Release Planning (aimeeu, 14:19:36)
  * bryan added a roadmap page to the wiki (aimeeu, 14:19:53)
  * #link https://wiki.acumos.org/display/SEC/Release+Planning (aimeeu, 14:20:23)
  * Bryan adds items from Daniel (aimeeu, 14:22:04)
  * "automatic artifact reconstruction upon upload to the platform as necessary to ensure compiled model matches the source" (aimeeu, 14:22:55)
  * Daniel: idea is NOT to let attacker take advantage (aimeeu, 14:23:11)
  * discussion on Python pickle and HD5 files (aimeeu, 14:28:15)
  * federation secured with client certificates (aimeeu, 14:36:41)
  * question on what can be done in Athena release (aimeeu, 14:43:02)

* Ongoing Items (aimeeu, 14:44:49)
  * still no response from LF on using NexusIQ (aimeeu, 14:45:03)
  * security-verification component (aimeeu, 14:51:14)
  * Daniel: platform code contribution not a problem; if I want to download 8 models developed by TechM, I have to download, scan, review, approve - quite expensive; download and manually scanning does not solve the security/trust problem (aimeeu, 15:00:23)
  * Bryan: technical limitation for scanning: process-related inside Acumos (no mandate to upload source), metadata.json only lists dependencies needed to build microservice (aimeeu, 15:00:38)
  * Daniel asks if code is uploaded during onboarding (aimeeu, 15:00:58)
  * Bryan: for python, code technically is uploaded - trained models are uploaded as compressed data (pickle or HD5 - binary compressed representations of code - uncompressed is not full representation of source); no decompression tool for pickle files - you'd have to uncompress in python env which would potentially expose (aimeeu, 15:01:17)
  * Daniel would like to know exactly what happens when a model is on-boarded - what transformations take place and when (aimeeu, 15:01:50)
  * Bryan will talk to model on-boarding team (aimeeu, 15:02:01)

Meeting ended at 15:02:06 UTC.

People present (lines said)
---------------------------
* aimeeu (23)
* collabot (4)
* bryan_att (0)

Generated by `MeetBot`_ 0.1.4