========================= #opnfv-meeting: OPNFV TSC ========================= Meeting started by ChrisPriceAB at 14:59:31 UTC. The full logs are available at http://ircbot.wl.linuxfoundation.org/meetings/opnfv-meeting/2015/opnfv-meeting.2015-12-01-14.59.log.html . Meeting summary --------------- * Roll Call (ChrisPriceAB, 14:59:35) * Chris Price (ChrisPriceAB, 14:59:41) * Frank Brockners (frankbrockners, 15:00:17) * Julien (Julien-zte, 15:00:24) * Edgar StPierre (edgarstp, 15:00:28) * Approval of previous minutes of meeting (ChrisPriceAB, 15:01:09) * LINK: https://wiki.opnfv.org/wiki/tsc#november_24_2015 previous minutes (ChrisPriceAB, 15:01:15) * previous minutes approved without comment (ChrisPriceAB, 15:01:24) * Agenda Bashing (ChrisPriceAB, 15:01:34) * LINK: https://wiki.opnfv.org/wiki/tsc#december_1_2015 Current TSC Agenda (ChrisPriceAB, 15:01:43) * Bryan Sullivan (bryan_att, 15:02:11) * Milestone D update (ChrisPriceAB, 15:03:14) * Debra reports that milestone D reporting is looking good, however projects are reporting issues looking forward to milestone E (ChrisPriceAB, 15:03:53) * Chris Wright (cdub, 15:03:58) * more details to be addressed during the weekly project call, Debra will run 1-1 project discussions following milestone D (ChrisPriceAB, 15:04:20) * OPNFV Plugfest, needs and support (ChrisPriceAB, 15:04:43) * Ashlee Young (ashyoung, 15:04:50) * Vikram Dham (VikramDham, 15:05:18) * Brian Skerry (bjskerry, 15:05:47) * Certification & Compliance committee desires to have plugfest events after each release. First one targeting March-June timeframe post Brahmaputra (rpaik, 15:07:14) * ChrisPriceAB notes that a working group from the tehcnical community is needed (e.g. testing/integration) for Plugfests (rpaik, 15:08:17) * dlenrow (dlenrow, 15:09:04) * ACTION: ChrisPriceAB/Wenjing will send a note to the mailing list to start the conversation on Plugfest working group (rpaik, 15:09:10) * Q1 Hackfest Collab-Summit and ONS discussion (ChrisPriceAB, 15:09:24) * Parviz Yegani (Parviz, 15:09:34) * ACTION: rpaik to send out a survey to the community to identify where we would get the best attendance. (ChrisPriceAB, 15:17:11) * OPNFV security initiative: Badge program engagement (ChrisPriceAB, 15:18:22) * It is fine now (Julien-zte, 15:19:15) * LINK: https://www.coreinfrastructure.org/programs/badge-program information on the badge program (ChrisPriceAB, 15:23:02) * lhinds walks through some of the prerequisites to OPNFV earning badges (ChrisPriceAB, 15:23:40) * many of the items address security specific considerations in our existing ways of working that can be incrementally implemented. (ChrisPriceAB, 15:24:16) * ashyoung asks what mechanisms are needed to trigger a security evaluation (ChrisPriceAB, 15:25:29) * LINK: https://wiki.opnfv.org/security/securecode (lhinds, 15:25:36) * lhinds encourages community support for the security impact assessment group (ChrisPriceAB, 15:26:20) * Tapio Tallgren (ttallgren, 15:26:49) * can you sign me up as a security reviewer? (ashyoung, 15:28:09) * lhinds outlines the main areas of needed work is around the code analysis system. (ChrisPriceAB, 15:28:57) * chrispriceab asks if we should as a community implement a badge program through our security group (ChrisPriceAB, 15:31:20) * bjskery asks what the impact is of our upstream components if they are not participating. (ChrisPriceAB, 15:31:50) * lhinds answers that we should focus on what we provide upstream and internally a a starting point (ChrisPriceAB, 15:32:13) * bjskerry asks if there is a timeframe that needs to be achieved with this initiative for security issues? (ChrisPriceAB, 15:32:40) * lhinds answers that there is a recommended criteria for a timeframe to address security issues (ChrisPriceAB, 15:33:14) * cdub chimes in and agrees that security if important, but is trying to undersand how OPNFV as an integration project achieves the badge (ChrisPriceAB, 15:34:48) * parvis asks what areas of security we are focused on? (ChrisPriceAB, 15:35:09) * lhinds & cdub answer that it spans across all areas. (ChrisPriceAB, 15:35:44) * lhinds outlines this provides a reccomended framework for us to help focus on security as a community. Best practices for our internal activities will need to be done internally within OPNFV. (ChrisPriceAB, 15:37:19) * LINK: https://github.com/linuxfoundation/cii-best-practices-badge/blob/master/doc/criteria.md (lhinds, 15:38:26) * cdub asks if this is something we should focus on or if there are higher priority items. (ChrisPriceAB, 15:39:39) * the Security Group is from Linux Foundation or OPNFV? (Julien-zte, 15:39:45) * lhinds answers this helps us address the issues we are working on. (ChrisPriceAB, 15:39:56) * LINK: https://www.coreinfrastructure.org/ (rpaik, 15:40:25) * AGREED: The TSC has a concensus for the security group to pursue the badge program (ChrisPriceAB, 15:41:53) * Pharos LF & Community lab use for Brahmaputra release processing (ChrisPriceAB, 15:42:05) * LINK: https://etherpad.opnfv.org/p/brahmaputra_release_testing proposal for testing and deployment in Brahmaputra (ChrisPriceAB, 15:43:31) * fdegir outlines that there will be resource constraints for Brahmaputra testing if we constrain our release testing to be done only on the LF labs. (ChrisPriceAB, 15:44:05) * fdegir outlines the discussion extends to CI processes, stable artifact usage and testing tools for the Brahmaputra release. (ChrisPriceAB, 15:45:00) * fdegir describes that the most important action is to allow more labs to be used for the release. (ChrisPriceAB, 15:45:50) * chrispriceab asks how we know which labs will provide the needed capability (ChrisPriceAB, 15:46:38) * fdegir answers that Pharos and pharos compliance will be used to evaluate the applciability of the labs (ChrisPriceAB, 15:46:59) * fdegir states that bare metal labs are required (ChrisPriceAB, 15:47:26) * trevorintel states that we need to identify which labs qualify for release purposes and can they be dedicated for release purposes. (ChrisPriceAB, 15:48:09) * this would require developmental labs to be re-purposed for release testing during the release candidate phase of Brahmaputra. (ChrisPriceAB, 15:48:55) * fdegir describes that we should re-purpose these labs now in order to work through issues that may pop up. (ChrisPriceAB, 15:49:19) * ashlee asks if she is able to get extra pods is there someone available to help configure them for release purposes (ChrisPriceAB, 15:51:44) * chrispriceab states the question as; does the TSC approve the use of community labs for the release of Brahmaputra? (ChrisPriceAB, 15:53:16) * hkirksey describes that while the cetral lab may not be mandatory, hardware portability is a goal we should maintain for Brahmaputra. (ChrisPriceAB, 15:54:04) * frankbrockners describes that portability should be impicit in the CI whereby the lab is not coupled in any way to the deployment of the software. (ChrisPriceAB, 15:55:35) * Status of community labs https://wiki.opnfv.org/pharos_rls_b_labs (trevor_intel, 15:56:33) * +1 (ashyoung, 15:58:20) * AGREED: the TSC agrees to allow the use of Pharos community equipment for release testing. (ChrisPriceAB, 16:00:14) Meeting ended at 16:00:46 UTC. Action items, by person ----------------------- * ChrisPriceAB * ChrisPriceAB/Wenjing will send a note to the mailing list to start the conversation on Plugfest working group * rpaik * rpaik to send out a survey to the community to identify where we would get the best attendance. People present (lines said) --------------------------- * ChrisPriceAB (54) * ashyoung (10) * fdegir (8) * TomNadeau (6) * Julien-zte (5) * rpaik (5) * collabot (4) * VikramDham (3) * bryan_att (3) * cdub (2) * lhinds (2) * edgarstp (2) * frankbrockners (1) * dlenrow (1) * trevor_intel (1) * ttallgren (1) * Parviz (1) * bjskerry (1) * aricg (1) Generated by `MeetBot`_ 0.1.4