================================
#opnfv-meeting: LF Badge Program
================================

Meeting started by lhinds_ at 16:02:10 UTC. The full logs are available at
http://ircbot.wl.linuxfoundation.org/meetings/opnfv-meeting/2016/opnfv-meeting.2016-03-17-16.02.log.html .

Meeting summary
---------------

* LINK: https://jira.opnfv.org/browse/SECURITY-20?jql=labels%20%3D%20LF-Badging-Program (lhinds_, 16:02:46)
* Uli Kleber (uli-k_, 16:02:56)
* rpaik (rpaik, 16:02:56)
* Fatih Degirmenci (fdegir, 16:02:58)
* luke hinds (lhinds_, 16:03:19)
* LINK: https://jira.opnfv.org/browse/SECURITY-13 (lhinds_, 16:08:35)
* Discussion regarding OPNFV Public Website, https://www.opnfv.org/ (fdegir, 16:12:00)
* need to make it easier to provide feedback (rpaik, 16:13:44)
* ACTION: Ray/Aric to investigate how to make it easier to provide feedback via opnfv.org (rpaik, 16:14:48)
* Uli, we should share badge program to community / companies (lhinds_, 16:15:40)
* LINK: https://www.coreinfrastructure.org/programs/badge-program (lhinds_, 16:16:09)
* want to encourage people to log issues/bugs on Jira (rpaik, 16:21:55)
* suggestion to create a “general” bucket in Jira (rpaik, 16:25:54)
* Discussion regarding licensing (fdegir, 16:27:21)
* LINK: https://jira.opnfv.org/browse/SECURITY-14 (fdegir, 16:27:24)
* ACTION: SECURITY-14 can be closed, as license is Apache 2 and is scanned to ensure it's present in all repos, same happens at release (Uli) (lhinds_, 16:32:00)
* FOSSology is used for license checks (fdegir, 16:32:50)
* https://wiki.opnfv.org/developer/contribution_guidelines?s[]=license (rpaik, 16:34:29)
* assigned SECURITY-14 to ray (lhinds_, 16:34:42)
* ACTION: share emily's contact details with Sona (lhinds_, 16:35:22)
* Discussion regarding Change Control (fdegir, 16:42:33)
* LINK: https://jira.opnfv.org/browse/SECURITY-15 (fdegir, 16:42:43)
* Change control regarding upstream projects consumed/used by OPNFV (fdegir, 16:43:36)
* It is pretty hard to make sure all the upstream projects used by OPNFV meet requirements of LF Badging Program (fdegir, 16:46:50)
* Initial focus will be OPNFV projects (fdegir, 16:47:35)
* Clarification is needed for how far we should go with regards to upstream projects (fdegir, 16:47:53)
* ACTION: Sona to contact emily to discuss how to handle upstream code / libraries (lhinds_, 16:48:30)
* ACTION: jira issue to be raised that all projects should list libraries / upstream components used (lhinds_, 16:50:15)
* It is important to make sure that OPNFV projects state their dependencies with versions explicitly (fdegir, 16:50:28)
* this will help deal with CVEs as and when raised. (lhinds_, 16:50:29)
* ACTION: ray to make meeting re-occur (lhinds_, 16:52:10)
* Discussion regarding Bug Reporting (fdegir, 16:53:03)
* LINK: https://jira.opnfv.org/browse/SECURITY-16 (fdegir, 16:53:09)
* Discussion on bug reporting about vulnerability issues, which cannot be done openly because of sensitive information (uli-k_, 16:56:10)
* this might require encryption (uli-k_, 16:57:16)
* ACTION: luke to check with openstack VMT how they are doing it at the moment. (lhinds_, 17:00:26)

Meeting ended at 17:00:40 UTC.

People present (lines said)
---------------------------

* fdegir (15)
* lhinds_ (15)
* rpaik (7)
* collabot` (3)
* uli-k_ (3)

Generated by `MeetBot`_ 0.1.4