#opnfv-meeting: LF Badge Program

Meeting started by lhinds_ at 16:02:10 UTC (full logs).

Meeting summary

    1. https://jira.opnfv.org/browse/SECURITY-20?jql=labels%20%3D%20LF-Badging-Program (lhinds_, 16:02:46)
    2. Uli Kleber (uli-k_, 16:02:56)
    3. rpaik (rpaik, 16:02:56)
    4. Fatih Degirmenci (fdegir, 16:02:58)
    5. luke hinds (lhinds_, 16:03:19)
    6. https://jira.opnfv.org/browse/SECURITY-13 (lhinds_, 16:08:35)
    7. Discussion regarding OPNFV Public Website, https://www.opnfv.org/ (fdegir, 16:12:00)
    8. need to make it easier to provide feedback (rpaik, 16:13:44)
    9. ACTION: Ray/Aric to investigate how to make it easier to provide feedback via opnfv.org (rpaik, 16:14:48)
    10. Uli, we should share badge program to community / companies (lhinds_, 16:15:40)
    11. https://www.coreinfrastructure.org/programs/badge-program (lhinds_, 16:16:09)
    12. want to encourage people to log issues/bugs on Jira (rpaik, 16:21:55)
    13. suggestion to create a “general” bucket in Jira (rpaik, 16:25:54)
    14. Discussion regarding licensing (fdegir, 16:27:21)
    15. https://jira.opnfv.org/browse/SECURITY-14 (fdegir, 16:27:24)
    16. ACTION: SECURITY-14 can be closed, as license is Apache 2 and is scanned to ensure it's present in all repos, same happens at release (Uli) (lhinds_, 16:32:00)
    17. FOSSology is used for license checks (fdegir, 16:32:50)
    18. https://wiki.opnfv.org/developer/contribution_guidelines?s[]=license (rpaik, 16:34:29)
    19. assigned SECURITY-14 to ray (lhinds_, 16:34:42)
    20. ACTION: share emily's contact details with Sona (lhinds_, 16:35:22)
    21. Discussion regarding Change Control (fdegir, 16:42:33)
    22. https://jira.opnfv.org/browse/SECURITY-15 (fdegir, 16:42:43)
    23. Change control regarding upstream projects consumed/used by OPNFV (fdegir, 16:43:36)
    24. It is pretty hard to make sure all the upstream projects used by OPNFV meet requirements of LF Badging Program (fdegir, 16:46:50)
    25. Initial focus will be OPNFV projects (fdegir, 16:47:35)
    26. Clarification is needed for how far we should go with regards to upstream projects (fdegir, 16:47:53)
    27. ACTION: Sona to contact emily to discuss how to handle upstream code / libraries (lhinds_, 16:48:30)
    28. ACTION: jira issue to be raised that all projects should list libraries / upstream components used (lhinds_, 16:50:15)
    29. It is important to make sure that OPNFV projects state their dependencies with versions explicitly (fdegir, 16:50:28)
    30. this will help deal with CVEs as and when raised. (lhinds_, 16:50:29)
    31. ACTION: ray to make meeting re-occur (lhinds_, 16:52:10)
    32. Discussion regarding Bug Reporting (fdegir, 16:53:03)
    33. https://jira.opnfv.org/browse/SECURITY-16 (fdegir, 16:53:09)
    34. Discussion on bug reporting about vulnerability issues, which cannot be done openly because of sensitive information (uli-k_, 16:56:10)
    35. this might require encryption (uli-k_, 16:57:16)
    36. ACTION: luke to check with openstack VMT how they are doing it at the moment. (lhinds_, 17:00:26)


Meeting ended at 17:00:40 UTC (full logs).

Action items

  1. Ray/Aric to investigate how to make it easier to provide feedback via opnfv.org
  2. SECURITY-14 can be closed, as license is Apache 2 and is scanned to ensure it's present in all repos, same happens at release (Uli)
  3. share emily's contact details with Sona
  4. Sona to contact emily to discuss how to handle upstream code / libraries
  5. jira issue to be raised that all projects should list libraries / upstream components used
  6. ray to make meeting re-occur
  7. luke to check with openstack VMT how they are doing it at the moment.


People present (lines said)

  1. fdegir (15)
  2. lhinds_ (15)
  3. rpaik (7)
  4. collabot` (3)
  5. uli-k_ (3)


Generated by MeetBot 0.1.4.