16:02:10 <lhinds_> #startmeeting LF Badge Program
16:02:10 <collabot`> Meeting started Thu Mar 17 16:02:10 2016 UTC.  The chair is lhinds_. Information about MeetBot at http://wiki.debian.org/MeetBot.
16:02:10 <collabot`> Useful Commands: #action #agreed #help #info #idea #link #topic.
16:02:10 <collabot`> The meeting name has been set to 'lf_badge_program'
16:02:46 <lhinds_> #link https://jira.opnfv.org/browse/SECURITY-20?jql=labels%20%3D%20LF-Badging-Program
16:02:56 <uli-k_> #info Uli Kleber
16:02:56 <rpaik> #info rpaik
16:02:58 <fdegir> #info Fatih Degirmenci
16:03:19 <lhinds_> #info luke hinds
16:08:35 <lhinds_> #link https://jira.opnfv.org/browse/SECURITY-13
16:12:00 <fdegir> #info Discussion regarding OPNFV Public Website, https://www.opnfv.org/
16:13:44 <rpaik> #info need to make it easier to provide feedback
16:14:16 <rpaik> #undo
16:14:48 <rpaik> #action Ray/Aric to investigate how to make it easier to provide feedback via opnfv.org
16:15:40 <lhinds_> #info Uli, we should share badge program to community / companies
16:16:09 <lhinds_> #link https://www.coreinfrastructure.org/programs/badge-program
16:21:55 <rpaik> #info want to encourage people to log issues/bugs on Jira
16:25:54 <rpaik> #info suggestion to create a “general” bucket in Jira
16:27:21 <fdegir> #info Discussion regarding licensing
16:27:24 <fdegir> #link https://jira.opnfv.org/browse/SECURITY-14
16:32:00 <lhinds_> #action SECURITY-14 can be closed, as license is Apache 2 and is scanned to ensure it's present in all repos, same happens at release (Uli)
16:32:37 <fdegir> ##info FOSSology is used for license checks
16:32:50 <fdegir> #info FOSSology is used for license checks
16:34:29 <rpaik> #info https://wiki.opnfv.org/developer/contribution_guidelines?s[]=license
16:34:42 <lhinds_> #info assigned SECURITY-14 to ray
16:35:22 <lhinds_> #action share emily's contact details with Sona
16:42:33 <fdegir> #info Discussion regarding Change Control
16:42:43 <fdegir> #link https://jira.opnfv.org/browse/SECURITY-15
16:43:36 <fdegir> #info Change control regarding upstream projects consumed/used by OPNFV
16:46:50 <fdegir> #info It is pretty hard to make sure all the upstream projects used by OPNFV meet requirements of LF Badging Program
16:47:35 <fdegir> #info Initial focus will be OPNFV projects
16:47:53 <fdegir> #info Clarification is needed for how far we should go with regards to upstream projects
16:48:30 <lhinds_> #action Sona to contact emily to discuss how to handle upstream code / libraries
16:50:15 <lhinds_> #action jira issue to be raised that all projects should list libraries / upstream components used
16:50:28 <fdegir> #info It is important to make sure that OPNFV projects state their dependencies with versions explicitly
16:50:29 <lhinds_> #info this will help deal with CVEs as and when raised.
16:52:10 <lhinds_> #action ray to make meeting re-occur
16:53:03 <fdegir> #info Discussion regarding Bug Reporting
16:53:09 <fdegir> #link https://jira.opnfv.org/browse/SECURITY-16
16:56:10 <uli-k_> #info Discussion on bug reporting about vulnerability issues, which cannot be done openly because of sensitive information
16:57:16 <uli-k_> #info this might require encryption
17:00:26 <lhinds_> #action luke to check with openstack VMT how they are doing it at the moment.
17:00:40 <lhinds_> #endmeeting