Date   

Register Now: Open Networking & Edge Executive Forum, March 10-12

Brandon Wick
 

LF Networking Communities:

This is a reminder to register for the Open Networking & Edge Executive Forum (ONEEF), a special edition of Open Networking & Edge Summit. Join top ecosystem executive leaders as they discuss deployment progress and provide critical insights into Service Provider, Cloud, Enterprise Networking, and Edge/IOT requirements to the global networking and edge communities. Interact directly with speakers and other attendees via chat, set 1:1 meetings and more. View the Schedule here.


Linux Foundation, LF Networking and LF Edge members can attend at no cost, all others pay only US $50. Email events@... to request the LFN discount code or if you have any questions. 

We hope to see you there!

Best,

Brandon Wick
Senior Integrated Marketing Manager
The Linux Foundation
+1.917.282.0960


ODIM LFN induction review

Alex Vul <alex.vul@...>
 

Dear LFN TAC,

 

The ODIM community is a bold collaborative open source initiative to bring together a critical mass of physical infrastructure management and infrastructure/service orchestration stakeholders to define and execute collaborative work focused on creating new critical open source building blocks, in areas such as composition, aggregation and telemetry, define new models and APIs, as well as influence key extensions to the DMTF Redfish® specifications that ODIM builds upon. This community will coordinate with other key SDOs and open source communities, with a focus on automation, simplification, consistency and interoperability of COTS and OSS infrastructure management solutions resulting in acceleration of infrastructure deployments across segments, while lowering operational complexity and cost.

 

Since June of 2020 ODIM has been an unfunded LF project and has been steadily building a robust and diverse community. Release 20.01 was released in January 2021, and the next release is on target for August 2021.

 

This email is formal request for LFN induction review, as a Sandbox project, during the March 10, 2021 Technical Advisory Council (TAC) meeting. The Project Induction Proposal Material is provided for your review.

 

We look forward to a discussion with the LFN TAC on March 10.

 

Best,

 

Alex Vul

ODIM Project TAC representative

 

____

 


Schedule Now Live: Open Networking & Edge Executive Forum, March 10-12

Brandon Wick
 

LF Networking Communities:

In two weeks we’ll be kicking off Open Networking & Edge Executive Forum (ONEEF), a special edition of Open Networking & Edge Summit. Join ecosystem executive leaders as they discuss deployment progress and provide critical insights into Service Provider, Cloud, Enterprise Networking, and Edge/IOT requirements to the global networking and edge communities. Interact directly with speakers and other attendees via chat, set 1:1 meetings and more.


Linux Foundation, LF Networking and LF Edge members can attend for free, US$50 for everyone else. Email events@... to request the LFN discount code.

Best,

Brandon Wick
Senior Integrated Marketing Manager
The Linux Foundation
+1.917.282.0960


Re: Follow up Action item from LFN TAC Jan - XGVela induction.

Chaker Al-Hakim
 

Hello Brett, Jim and LFN TAC,

 

I am familiar with the XGVela project based on my active engagement with ONAP. I will be happy to either lead or participate in any workgroup discussion that may be desired from the

LFN TAC perspective  to further understand the details of this project.

 

Regards,

Chaker

 

 

From: lfn-tac@... <lfn-tac@...> On Behalf Of seshu kumar m via lists.lfnetworking.org
Sent: Saturday, February 20, 2021 4:03 PM
To: lfn-tac <lfn-tac@...>
Cc: ccain <ccain@...>; xgvela-tsc <xgvela-tsc@...>
Subject: [lfn-TAC] Follow up Action item from LFN TAC Jan - XGVela induction.

 

 

Dear LFN TAC,

 

First of all, a big thanks for considering XGvela as a LFN project. 

This is following up on the Action Item from 01/13 (XGVela LFN Induction) to update Governance documentation.

 

The XGVela TSC  has discussed on the inputs with the community members and worked on the details to come up with the Governance model best suited for the XGvela project needs. 

Please review updated Governance:

 

We would be happy to attend and assist the 02/24 TAC meeting to answer any additional questions you may have, or we can use this email thread.

 

--------------------------------------------------
Thanks and Regards,
M Seshu Kumar

TSC member of ONAP & XGVela,    

Lead Architect, 
P&S, Cloud Network OSDT,
Huawei Technologies India Pvt. Ltd.
Survey No. 37, Next to EPIP Area, Kundalahalli, Whitefield
Bengaluru-560066, Karnataka.
Tel: + 91-80-49160700 , Mob: 9845355488
___________________________________________________________________________________________________
This e-mail and its attachments contain confidential information from HUAWEI, which is intended only for the person or entity whose address is listed above. Any use of the information contained herein in any way (including, but not limited to, total or partial disclosure, reproduction, or dissemination) by persons other than the intended recipient(s) is prohibited. If you receive this e-mail in error, please notify the sender by phone or email immediately and delete it!
-------------------------------------------------------------------------------------------------------------------------------------------------------------------

 

 


LFN Technical Advisory Council - Wed, 02/24/2021 #cal-notice

lfn-tac@lists.lfnetworking.org Calendar <noreply@...>
 

LFN Technical Advisory Council

When:
Wednesday, 24 February 2021
7:00am to 8:00am
(GMT-08:00) America/Los Angeles

Where:
https://zoom.us/j/560486345?pwd=QXNHRVgyMEtURFVjMDhUUGZ4ZVhFQT09

Organizer:
ccain@...

Description:

Linux Foundation Networking is inviting you to a scheduled Zoom meeting.
 
Topic: LFN Technical Advisory Council
Time: This is a recurring meeting Meet anytime
 
Join Zoom Meeting
https://zoom.us/j/560486345?pwd=QXNHRVgyMEtURFVjMDhUUGZ4ZVhFQT09
 
Meeting ID: 560 486 345
Passcode: 322474
One tap mobile
+13462487799,,560486345# US (Houston)
+16699006833,,560486345# US (San Jose)
 
Dial by your location
        +1 346 248 7799 US (Houston)
        +1 669 900 6833 US (San Jose)
        +1 253 215 8782 US (Tacoma)
        +1 312 626 6799 US (Chicago)
        +1 646 558 8656 US (New York)
        +1 301 715 8592 US (Germantown)
        877 369 0926 US Toll-free
        855 880 1246 US Toll-free
        +1 438 809 7799 Canada
        +1 587 328 1099 Canada
        +1 647 374 4685 Canada
        +1 647 558 0588 Canada
        +1 778 907 2071 Canada
        +1 204 272 7920 Canada
        855 703 8985 Canada Toll-free
        +86 10 8783 3177 China
        +86 10 5387 6330 China
        400 616 8835 China Toll-free
        400 669 9381 China Toll-free
        400 182 3168 China Toll-free
        +91 22 71 279 525 India
        +91 406 480 2722 India
        +91 446 480 2722 India
        +91 806 480 2722 India
        +91 80 71 279 440 India
        +91 116 480 2722 India
        +91 22 48 798 004 India
        +91 224 879 8012 India
        +91 226 480 2722 India
        000 800 050 5050 India Toll-free
        000 800 040 1530 India Toll-free
Meeting ID: 560 486 345
Find your local number: https://zoom.us/u/bB8IumSv
 


LFN Technical Advisory Council - Wed, 02/24/2021 7:00am-8:00am #cal-reminder

lfn-tac@lists.lfnetworking.org Calendar <lfn-tac@...>
 

Reminder: LFN Technical Advisory Council

When: Wednesday, 24 February 2021, 7:00am to 8:00am, (GMT-08:00) America/Los Angeles

Where:https://zoom.us/j/560486345?pwd=QXNHRVgyMEtURFVjMDhUUGZ4ZVhFQT09

View Event

Organizer: Casey Cain ccain@...

Description:

Linux Foundation Networking is inviting you to a scheduled Zoom meeting.
 
Topic: LFN Technical Advisory Council
Time: This is a recurring meeting Meet anytime
 
Join Zoom Meeting
https://zoom.us/j/560486345?pwd=QXNHRVgyMEtURFVjMDhUUGZ4ZVhFQT09
 
Meeting ID: 560 486 345
Passcode: 322474
One tap mobile
+13462487799,,560486345# US (Houston)
+16699006833,,560486345# US (San Jose)
 
Dial by your location
        +1 346 248 7799 US (Houston)
        +1 669 900 6833 US (San Jose)
        +1 253 215 8782 US (Tacoma)
        +1 312 626 6799 US (Chicago)
        +1 646 558 8656 US (New York)
        +1 301 715 8592 US (Germantown)
        877 369 0926 US Toll-free
        855 880 1246 US Toll-free
        +1 438 809 7799 Canada
        +1 587 328 1099 Canada
        +1 647 374 4685 Canada
        +1 647 558 0588 Canada
        +1 778 907 2071 Canada
        +1 204 272 7920 Canada
        855 703 8985 Canada Toll-free
        +86 10 8783 3177 China
        +86 10 5387 6330 China
        400 616 8835 China Toll-free
        400 669 9381 China Toll-free
        400 182 3168 China Toll-free
        +91 22 71 279 525 India
        +91 406 480 2722 India
        +91 446 480 2722 India
        +91 806 480 2722 India
        +91 80 71 279 440 India
        +91 116 480 2722 India
        +91 22 48 798 004 India
        +91 224 879 8012 India
        +91 226 480 2722 India
        000 800 050 5050 India Toll-free
        000 800 040 1530 India Toll-free
Meeting ID: 560 486 345
Find your local number: https://zoom.us/u/bB8IumSv
 


Follow up Action item from LFN TAC Jan - XGVela induction.

seshu kumar m <seshu.kumar.m@...>
 


Dear LFN TAC,

First of all, a big thanks for considering XGvela as a LFN project. 
This is following up on the Action Item from 01/13 (XGVela LFN Induction) to update Governance documentation.

The XGVela TSC  has discussed on the inputs with the community members and worked on the details to come up with the Governance model best suited for the XGvela project needs. 
Please review updated Governance:
https://wiki.lfnetworking.org/display/XGVela/Governance

We would be happy to attend and assist the 02/24 TAC meeting to answer any additional questions you may have, or we can use this email thread.

--------------------------------------------------
Thanks and Regards,
M Seshu Kumar
TSC member of ONAP & XGVela,    
Lead Architect, 
P&S, Cloud Network OSDT,
Huawei Technologies India Pvt. Ltd.
Survey No. 37, Next to EPIP Area, Kundalahalli, Whitefield
Bengaluru-560066, Karnataka.
Tel: + 91-80-49160700 , Mob: 9845355488
___________________________________________________________________________________________________
This e-mail and its attachments contain confidential information from HUAWEI, which is intended only for the person or entity whose address is listed above. Any use of the information contained herein in any way (including, but not limited to, total or partial disclosure, reproduction, or dissemination) by persons other than the intended recipient(s) is prohibited. If you receive this e-mail in error, please notify the sender by phone or email immediately and delete it!
-------------------------------------------------------------------------------------------------------------------------------------------------------------------






LFN Technical Whitepaper 2021 - Call For Participation

Haiby, Ranny (Samsung) <ranny.haiby@...>
 

TAC Members – please forward this information to your community members.

 

Hello LFN communities,

 

Following the success of last year’s LFN technical whitepaper, we have kicked-off the process of creating the next one.

This year’s whitepaper should continue to share our vision with a broader industry audience, drive adoption of our software and bring on more players to the game.

 

The theme for the paper is still open for decision and we are looking for contributors.

 

Based on previous experience contributors can invest as little or as much as they see fit. As a contributor you will benefit from collaborating with other experts in the community and spreading your ideas. You will of course get credit as an author. You don’t have to be a member of any project or committee to contribute. Participation is open for all.

 

If you would like to participate or propose a theme, please add your name on this page:

https://wiki.lfnetworking.org/display/LN/Theme+proposals+and+Subject+Matter+Experts

 

Thanks,

 

Ranny Haiby

Interim Whitepaper workgroup leader.

 

 


Invitation: AI/ML data and model sharing investigation @ Wed Mar 17, 2021 8am - 9am (MDT) (lfn-tac@lists.lfnetworking.org)

Jim Baker
 

You have been invited to the following event.

AI/ML data and model sharing investigation

When
Wed Mar 17, 2021 8am – 9am Mountain Time - Denver
Where
https://zoom.us/j/95444871204 (map)
Calendar
lfn-tac@...
Who
jbaker@... - organizer
lfn-euag-members@...
lfn-tac@...
──────────

Jim Baker (LFN) is inviting you to a scheduled Zoom meeting.

Join Zoom Meeting
https://zoom.us/j/95444871204

Meeting ID: 954 4487 1204
One tap mobile
+13017158592,,95444871204# US (Washington DC)
+13126266799,,95444871204# US (Chicago)

Dial by your location
+1 301 715 8592 US (Washington DC)
+1 312 626 6799 US (Chicago)
+1 646 558 8656 US (New York)
+1 253 215 8782 US (Tacoma)
+1 346 248 7799 US (Houston)
+1 669 900 6833 US (San Jose)
855 880 1246 US Toll-free
877 369 0926 US Toll-free
+1 204 272 7920 Canada
+1 438 809 7799 Canada
+1 587 328 1099 Canada
+1 647 374 4685 Canada
+1 647 558 0588 Canada
+1 778 907 2071 Canada
855 703 8985 Canada Toll-free
Meeting ID: 954 4487 1204
Find your local number: https://zoom.us/u/ajM5n4AzZ


──────────

Going (lfn-tac@...)?   Yes - Maybe - No    more options »

Invitation from Google Calendar

You are receiving this courtesy email at the account lfn-tac@... because you are an attendee of this event.

To stop receiving future updates for this event, decline this event. Alternatively you can sign up for a Google account at https://calendar.google.com/calendar/ and control your notification settings for your entire calendar.

Forwarding this invitation could allow any recipient to send a response to the organizer and be added to the guest list, or invite others regardless of their own invitation status, or to modify your RSVP. Learn More.


Re: [E] [lfn-EUAG-Members] Intelligent networks - collaboration

Beth Cohen
 

Sorry I was unable to attend.  Sadly, this time will rarely work for me as it is my weekly staff meeting with my management!  These meetings do get canceled sometimes, but we will see how this works.  I saw the notes and I think that we are on the right direction.  I would suggest that we consider setting up a mini plenary – a couple of hours – to brainstorm how to move the work forward.

 


Verizon

Beth Cohen

DMTS - NFV/SDN Network Product Strategy
Verizon Business Group

O 781.466.2055
M 781.434.8553
60 Sylvan Rd.
Waltham, MA 02451

Facebook  Twitter

 

From: lfn-euag-members@... [mailto:lfn-euag-members@...] On Behalf Of Jim Baker
Sent: Wednesday, February 17, 2021 11:20 AM
To: lfn-euag-members <lfn-euag-members@...>; lfn-tac@...
Cc: Mike Woster <mwoster@...>
Subject: [E] [lfn-EUAG-Members] Intelligent networks - collaboration

 

Folks, 

Thank you for meeting today to discuss how we can advance our interests in AI/ML models in a collaborative fashion. While we didn't create a clear action plan, we firmly established this is an area of strong community interest. (today's notes)

 

To create a collaboration space, I've created a wiki page: https://wiki.lfnetworking.org/x/JIEZAw

 

I established some framework for the wiki page, but it is meant to be a place for sharing ideas - so please jump in!  I'll also create a series of discussions to seek actionable next steps in the coming weeks. If you have specific ideas on how we can take some first steps, I'd love to hear your thoughts!

Kind regards, 

Jim 

 

--

Jim Baker

Linux Foundation Networking - Technical Program Manager

mobile: +1 970 227 6007


Intelligent networks - collaboration

Jim Baker
 

Folks, 
Thank you for meeting today to discuss how we can advance our interests in AI/ML models in a collaborative fashion. While we didn't create a clear action plan, we firmly established this is an area of strong community interest. (today's notes)

To create a collaboration space, I've created a wiki page: https://wiki.lfnetworking.org/x/JIEZAw

I established some framework for the wiki page, but it is meant to be a place for sharing ideas - so please jump in!  I'll also create a series of discussions to seek actionable next steps in the coming weeks. If you have specific ideas on how we can take some first steps, I'd love to hear your thoughts!
Kind regards, 
Jim 

--
Jim Baker
Linux Foundation Networking - Technical Program Manager
mobile: +1 970 227 6007


Re: EXT: Re: [lfn-TAC] LFN TAC Meeting Minutes, Feb. 10, 2021

Martin Jackson
 

This, I think, is The Way...

Enterprises are looking at the whole pipeline, and tools that are specific to only the piece of the final artifact are not going to be sufficient.  (Necessary, but not sufficient might be a better way to put it.). We've had enough issues in recent years with glibc, shellshock, and other really low level components of userspace that the infra (base container etc) that the artifact sits in should be accounted for as well.

Thanks,

-- 

Martin Jackson // Distinguished Software Engineer
Enterprise Architecture, Tech Platform 

 




From: lfn-tac@... <lfn-tac@...> on behalf of Krzysztof Opasiak via lists.lfnetworking.org <k.opasiak=samsung.com@...>
Sent: Friday, February 12, 2021 1:25 PM
To: Ranny Haiby <ranny.haiby@...>; lfn-tac@... <lfn-tac@...>; FREEMAN, BRIAN D <bf1936@...>
Cc: morgan.richomme@... <morgan.richomme@...>; Alexander Mazuruk <a.mazuruk@...>
Subject: EXT: Re: [lfn-TAC] LFN TAC Meeting Minutes, Feb. 10, 2021
 
Hi,

That's true. Main issue with using only NexusIQ is that it performs the
scan based on pom.xml so we can catch vulnerabilities that exist in the
final "java bundle" but that's not enough.

ONAP is delivering to the community not only Java bundles but full
docker images that contains this bundle and dozen of other system tools
for example tomcat server.

That's why we are looking at tools like tern and scancode which can
analyze not only java project but a full docker image that we are
shipping. Based on this scan a full SBOM is generated and it can be used
for both license and vulnerability analysis.

On 12.02.2021 20:15, Ranny Haiby wrote:
> Hi,
>
> My colleague @Krzysztof Opasiak <mailto:k.opasiak@...> correctly
> commented that scanning Java dependencies is a good start, but there are
> vulnerabilities that come through Docker image dependencies. Our
> colleague @Alexander Mazuruk <mailto:a.mazuruk@...> recently did
> some excellent image dependency scanning work for ONAP together with
> @morgan.richomme@... <mailto:morgan.richomme@...>. They
> presented their work in the DDF:
>
> https://wiki.lfnetworking.org/display/LN/2021-02-01+-+Plenary%3A+Dynamic+License+Scanning
>
> Some of the tools used such as TERN and ScanCode may be used for image
> vulnerability scanning.
>
> Ranny.
>
> *From: *<lfn-tac@...> on behalf of Amy Zwarico
> <amy.zwarico@...>
> *Reply-To: *"lfn-tac@..."
> <lfn-tac@...>
> *Date: *Friday, February 12, 2021 at 6:40 AM
> *To: *"FREEMAN, BRIAN D" <bf1936@...>,
> "lfn-tac@..." <lfn-tac@...>
> *Subject: *Re: [lfn-TAC] LFN TAC Meeting Minutes, Feb. 10, 2021
> *Resent-From: *<ranny.haiby@...>
>
> Brian, thank you for trying it out and getting some real metrics!
>
> Today ONAP is running NexusIQ weekly and it generates an SBOM. There is
> an API that to get the SBOM in JSON or XML (I believe that NexusIQ uses
> the SPDX standard for SBOM encoding). I will get details from one of my
> co-workers when he’s back in the office (Nadeem Anwar). ONAP is using
> this information to provide PTLs a list of the vulnerable direct
> dependencies in their project that require updating. Note that the Linux
> Foundation makes NexusIQ available to all LF projects.
>
> An SBOM in and of itself does not prevent an attack, but it provides
> information about the code, can be used in conjunction with the National
> Vulnerability Database (NVD) to understand the know vulns associated
> with each package. NexusIQ provides both SBOM and the vulns in each
> package. Based on this information an organization can decide how much
> risk is associated with using unsupported/vulnerable package versions,
> develop tests for exploitability, or put other compensating controls in
> place.
>
> *From:* FREEMAN, BRIAN D <bf1936@...>
> *Sent:* Friday, February 12, 2021 8:16 AM
> *To:* lfn-tac@...
> *Cc:* ZWARICO, AMY <az9121@...>
> *Subject:* RE: [lfn-TAC] LFN TAC Meeting Minutes, Feb. 10, 2021
>
> Jason, Robert,
>
> Interesting tool.
>
> I added it to the parent pom.xml for one of the ONAP repo’s and did a
> test run
>
> quite intensive (saturated 1 cpu core for 5 minutes or so – single
> threaded ? )
>
> Not sure if there are other tools being used in Opensource for SBOM
> generation but the xml and json format of the data seems like it would
> be the kind of electronic format that could be provided with packaged
> software for those organizations that require SBOM tracking.
>
> We also have python code in a lot of projects so not sure how an SBOM
> would be created for that.
>
> I think this allows us to publish our dependencies so someone could
> quickly determine if we were affected by an attack on someone else.
>
> I don’t think this would prevent an attack on our code would it ?
>
> Brian
>
> *From:* lfn-tac@...
> <mailto:lfn-tac@...> <lfn-tac@...
> <mailto:lfn-tac@...>> *On Behalf Of *Jason Hunt
> *Sent:* Thursday, February 11, 2021 4:20 PM
> *To:* lfn-tac@... <mailto:lfn-tac@...>
> *Subject:* Re: [lfn-TAC] LFN TAC Meeting Minutes, Feb. 10, 2021
>
> Thanks Robert for the input.  What do other TAC members (and, in
> particular, project leads) think?
>
>
> Regards,
> Jason Hunt
> Distinguished Engineer, IBM
>
> Phone: +1-314-749-7422
> Email: djhunt@... <mailto:djhunt@...>
> Twitter: @DJHunt
>
>     ----- Original message -----
>     From: "Robert Varga" <nite@... <mailto:nite@...>>
>     Sent by: lfn-tac@...
>     <mailto:lfn-tac@...>
>     To: lfn-tac@...
>     <mailto:lfn-tac@...>
>     Cc:
>     Subject: [EXTERNAL] Re: [lfn-TAC] LFN TAC Meeting Minutes, Feb. 10, 2021
>     Date: Thu, Feb 11, 2021 1:45 PM
>
>     Hello everyone,
>
>     On 10/02/2021 17:03, Kenny Paul wrote:
>     > 2021-02-10 TAC Minutes
>     > <https://wiki.lfnetworking.org/display/LN/2021-02-10+TAC+Minutes
>     <https://urldefense.com/v3/__https:/wiki.lfnetworking.org/display/LN/2021-02-10*TAC*Minutes__;Kys!!BhdT!1n9ezeg5EKckzJjen2KT2rp1JvZ9fEou8q6GVmSLWkMni6OFU4nH2QwrFEup77I$>>
>
>     [snip]
>
>     >   * *Next version of LFN Technical Whitepaper Ranny Haiby
>     >     <https://wiki.lfnetworking.org/display/~rannyh
>     <https://urldefense.com/v3/__https:/wiki.lfnetworking.org/display/*rannyh__;fg!!BhdT!1n9ezeg5EKckzJjen2KT2rp1JvZ9fEou8q6GVmSLWkMni6OFU4nH2Qwr_8toVps$>>*
>     >       o 2021 Whitepaper Workgroup
>     >         <https://wiki.lfnetworking.org/display/LN/2021+Whitepaper+Workgroup
>     <https://urldefense.com/v3/__https:/wiki.lfnetworking.org/display/LN/2021*Whitepaper*Workgroup__;Kys!!BhdT!1n9ezeg5EKckzJjen2KT2rp1JvZ9fEou8q6GVmSLWkMni6OFU4nH2QwrR9-fcbM$>>
>     >       o Need volunteers to contribute - 1-2 hrs. per week for ~8 weeks
>     >       o Contributors also include folks that need to review content
>     >       o Project reps please mentioned at your next TSC meetings
>     >       o Brian Freeman
>     >         <https://wiki.lfnetworking.org/display/~bdfreeman1421
>     <https://urldefense.com/v3/__https:/wiki.lfnetworking.org/display/*bdfreeman1421__;fg!!BhdT!1n9ezeg5EKckzJjen2KT2rp1JvZ9fEou8q6GVmSLWkMni6OFU4nH2QwrCThWNdg$>>  -
>     eval
>     >         of SolarWinds type of attack on supply chain
>     >       o Martin Jackson
>     >         <https://wiki.lfnetworking.org/display/~mhjacks
>     <https://urldefense.com/v3/__https:/wiki.lfnetworking.org/display/*mhjacks__;fg!!BhdT!1n9ezeg5EKckzJjen2KT2rp1JvZ9fEou8q6GVmSLWkMni6OFU4nH2Qwr1bzg3_8$>> -
>     Supply chain
>     >         attacks is top of mind for enterprise - this was already FUD in
>     >         the enterprise space. Should discuss it head on.
>
>     Maven Central has provisions for SBOMs.
>
>     Would it make sense to create some guidance as how to deploy
>     https://github.com/CycloneDX/cyclonedx-maven-plugin
>     <https://urldefense.com/v3/__https:/github.com/CycloneDX/cyclonedx-maven-plugin__;!!BhdT!1n9ezeg5EKckzJjen2KT2rp1JvZ9fEou8q6GVmSLWkMni6OFU4nH2Qwr6Os4k44$> in
>     Java projects
>     based on which https://cyclonedx.org/use-cases/
>     <https://urldefense.com/v3/__https:/cyclonedx.org/use-cases/__;!!BhdT!1n9ezeg5EKckzJjen2KT2rp1JvZ9fEou8q6GVmSLWkMni6OFU4nH2QwrXAEV2cU$> are
>     deemed critical?
>
>     Regards,
>     Robert
>
>
>
>
>
>
>

--
Krzysztof Opasiak
Samsung R&D Institute Poland
Samsung Electronics






Re: LFN TAC Meeting Minutes, Feb. 10, 2021

Krzysztof Opasiak <k.opasiak@...>
 

Hi,

That's true. Main issue with using only NexusIQ is that it performs the
scan based on pom.xml so we can catch vulnerabilities that exist in the
final "java bundle" but that's not enough.

ONAP is delivering to the community not only Java bundles but full
docker images that contains this bundle and dozen of other system tools
for example tomcat server.

That's why we are looking at tools like tern and scancode which can
analyze not only java project but a full docker image that we are
shipping. Based on this scan a full SBOM is generated and it can be used
for both license and vulnerability analysis.

On 12.02.2021 20:15, Ranny Haiby wrote:
Hi,

My colleague @Krzysztof Opasiak <mailto:k.opasiak@...> correctly
commented that scanning Java dependencies is a good start, but there are
vulnerabilities that come through Docker image dependencies. Our
colleague @Alexander Mazuruk <mailto:a.mazuruk@...> recently did
some excellent image dependency scanning work for ONAP together with
@morgan.richomme@... <mailto:morgan.richomme@...>. They
presented their work in the DDF:

https://wiki.lfnetworking.org/display/LN/2021-02-01+-+Plenary%3A+Dynamic+License+Scanning

Some of the tools used such as TERN and ScanCode may be used for image
vulnerability scanning.

Ranny.

*From: *<lfn-tac@...> on behalf of Amy Zwarico
<amy.zwarico@...>
*Reply-To: *"lfn-tac@..."
<lfn-tac@...>
*Date: *Friday, February 12, 2021 at 6:40 AM
*To: *"FREEMAN, BRIAN D" <bf1936@...>,
"lfn-tac@..." <lfn-tac@...>
*Subject: *Re: [lfn-TAC] LFN TAC Meeting Minutes, Feb. 10, 2021
*Resent-From: *<ranny.haiby@...>

Brian, thank you for trying it out and getting some real metrics!

Today ONAP is running NexusIQ weekly and it generates an SBOM. There is
an API that to get the SBOM in JSON or XML (I believe that NexusIQ uses
the SPDX standard for SBOM encoding). I will get details from one of my
co-workers when he’s back in the office (Nadeem Anwar). ONAP is using
this information to provide PTLs a list of the vulnerable direct
dependencies in their project that require updating. Note that the Linux
Foundation makes NexusIQ available to all LF projects.

An SBOM in and of itself does not prevent an attack, but it provides
information about the code, can be used in conjunction with the National
Vulnerability Database (NVD) to understand the know vulns associated
with each package. NexusIQ provides both SBOM and the vulns in each
package. Based on this information an organization can decide how much
risk is associated with using unsupported/vulnerable package versions,
develop tests for exploitability, or put other compensating controls in
place.

*From:* FREEMAN, BRIAN D <bf1936@...>
*Sent:* Friday, February 12, 2021 8:16 AM
*To:* lfn-tac@...
*Cc:* ZWARICO, AMY <az9121@...>
*Subject:* RE: [lfn-TAC] LFN TAC Meeting Minutes, Feb. 10, 2021

Jason, Robert,

Interesting tool.

I added it to the parent pom.xml for one of the ONAP repo’s and did a
test run

quite intensive (saturated 1 cpu core for 5 minutes or so – single
threaded ? )

Not sure if there are other tools being used in Opensource for SBOM
generation but the xml and json format of the data seems like it would
be the kind of electronic format that could be provided with packaged
software for those organizations that require SBOM tracking.

We also have python code in a lot of projects so not sure how an SBOM
would be created for that.

I think this allows us to publish our dependencies so someone could
quickly determine if we were affected by an attack on someone else.

I don’t think this would prevent an attack on our code would it ?

Brian

*From:* lfn-tac@...
<mailto:lfn-tac@...> <lfn-tac@...
<mailto:lfn-tac@...>> *On Behalf Of *Jason Hunt
*Sent:* Thursday, February 11, 2021 4:20 PM
*To:* lfn-tac@... <mailto:lfn-tac@...>
*Subject:* Re: [lfn-TAC] LFN TAC Meeting Minutes, Feb. 10, 2021

Thanks Robert for the input.  What do other TAC members (and, in
particular, project leads) think?


Regards,
Jason Hunt
Distinguished Engineer, IBM

Phone: +1-314-749-7422
Email: djhunt@... <mailto:djhunt@...>
Twitter: @DJHunt

----- Original message -----
From: "Robert Varga" <nite@... <mailto:nite@...>>
Sent by: lfn-tac@...
<mailto:lfn-tac@...>
To: lfn-tac@...
<mailto:lfn-tac@...>
Cc:
Subject: [EXTERNAL] Re: [lfn-TAC] LFN TAC Meeting Minutes, Feb. 10, 2021
Date: Thu, Feb 11, 2021 1:45 PM

Hello everyone,

On 10/02/2021 17:03, Kenny Paul wrote:
> 2021-02-10 TAC Minutes
> <https://wiki.lfnetworking.org/display/LN/2021-02-10+TAC+Minutes
<https://urldefense.com/v3/__https:/wiki.lfnetworking.org/display/LN/2021-02-10*TAC*Minutes__;Kys!!BhdT!1n9ezeg5EKckzJjen2KT2rp1JvZ9fEou8q6GVmSLWkMni6OFU4nH2QwrFEup77I$>>

[snip]

>   * *Next version of LFN Technical Whitepaper Ranny Haiby
>     <https://wiki.lfnetworking.org/display/~rannyh
<https://urldefense.com/v3/__https:/wiki.lfnetworking.org/display/*rannyh__;fg!!BhdT!1n9ezeg5EKckzJjen2KT2rp1JvZ9fEou8q6GVmSLWkMni6OFU4nH2Qwr_8toVps$>>*
>       o 2021 Whitepaper Workgroup
>         <https://wiki.lfnetworking.org/display/LN/2021+Whitepaper+Workgroup
<https://urldefense.com/v3/__https:/wiki.lfnetworking.org/display/LN/2021*Whitepaper*Workgroup__;Kys!!BhdT!1n9ezeg5EKckzJjen2KT2rp1JvZ9fEou8q6GVmSLWkMni6OFU4nH2QwrR9-fcbM$>>
>       o Need volunteers to contribute - 1-2 hrs. per week for ~8 weeks
>       o Contributors also include folks that need to review content
>       o Project reps please mentioned at your next TSC meetings
>       o Brian Freeman
>         <https://wiki.lfnetworking.org/display/~bdfreeman1421
<https://urldefense.com/v3/__https:/wiki.lfnetworking.org/display/*bdfreeman1421__;fg!!BhdT!1n9ezeg5EKckzJjen2KT2rp1JvZ9fEou8q6GVmSLWkMni6OFU4nH2QwrCThWNdg$>>  -
eval
>         of SolarWinds type of attack on supply chain
>       o Martin Jackson
>         <https://wiki.lfnetworking.org/display/~mhjacks
<https://urldefense.com/v3/__https:/wiki.lfnetworking.org/display/*mhjacks__;fg!!BhdT!1n9ezeg5EKckzJjen2KT2rp1JvZ9fEou8q6GVmSLWkMni6OFU4nH2Qwr1bzg3_8$>> -
Supply chain
>         attacks is top of mind for enterprise - this was already FUD in
>         the enterprise space. Should discuss it head on.

Maven Central has provisions for SBOMs.

Would it make sense to create some guidance as how to deploy
https://github.com/CycloneDX/cyclonedx-maven-plugin
<https://urldefense.com/v3/__https:/github.com/CycloneDX/cyclonedx-maven-plugin__;!!BhdT!1n9ezeg5EKckzJjen2KT2rp1JvZ9fEou8q6GVmSLWkMni6OFU4nH2Qwr6Os4k44$> in
Java projects
based on which https://cyclonedx.org/use-cases/
<https://urldefense.com/v3/__https:/cyclonedx.org/use-cases/__;!!BhdT!1n9ezeg5EKckzJjen2KT2rp1JvZ9fEou8q6GVmSLWkMni6OFU4nH2QwrXAEV2cU$> are
deemed critical?

Regards,
Robert






--
Krzysztof Opasiak
Samsung R&D Institute Poland
Samsung Electronics


Re: LFN TAC Meeting Minutes, Feb. 10, 2021

Haiby, Ranny (Samsung) <ranny.haiby@...>
 

Hi,

 

My colleague @Krzysztof Opasiak correctly commented that scanning Java dependencies is a good start, but there are vulnerabilities that come through Docker image dependencies. Our colleague @Alexander Mazuruk recently did some excellent image dependency scanning work for ONAP together with @morgan.richomme@.... They presented their work in the DDF:

https://wiki.lfnetworking.org/display/LN/2021-02-01+-+Plenary%3A+Dynamic+License+Scanning

 

Some of the tools used such as TERN and ScanCode may be used for image vulnerability scanning.

 

Ranny.

 

 

From: <lfn-tac@...> on behalf of Amy Zwarico <amy.zwarico@...>
Reply-To: "lfn-tac@..." <lfn-tac@...>
Date: Friday, February 12, 2021 at 6:40 AM
To: "FREEMAN, BRIAN D" <bf1936@...>, "lfn-tac@..." <lfn-tac@...>
Subject: Re: [lfn-TAC] LFN TAC Meeting Minutes, Feb. 10, 2021
Resent-From: <ranny.haiby@...>

 

Brian, thank you for trying it out and getting some real metrics!

 

Today ONAP is running NexusIQ weekly and it generates an SBOM. There is an API that to get the SBOM in JSON or XML (I believe that NexusIQ uses the SPDX standard for SBOM encoding). I will get details from one of my co-workers when he’s back in the office (Nadeem Anwar). ONAP is using this information to provide PTLs a list of the vulnerable direct dependencies in their project that require updating. Note that the Linux Foundation makes NexusIQ available to all LF projects.

 

An SBOM in and of itself does not prevent an attack, but it provides information about the code, can be used in conjunction with the National Vulnerability Database (NVD) to understand the know vulns associated with each package. NexusIQ provides both SBOM and the vulns in each package. Based on this information an organization can decide how much risk is associated with using unsupported/vulnerable package versions, develop tests for exploitability, or put other compensating controls in place.

 

From: FREEMAN, BRIAN D <bf1936@...>
Sent: Friday, February 12, 2021 8:16 AM
To: lfn-tac@...
Cc: ZWARICO, AMY <az9121@...>
Subject: RE: [lfn-TAC] LFN TAC Meeting Minutes, Feb. 10, 2021

 

Jason, Robert,

 

Interesting tool.

 

I added it to the parent pom.xml for one of the ONAP repo’s and did a test run

 

quite intensive (saturated 1 cpu core for 5 minutes or so – single threaded ? )

 

Not sure if there are other tools being used in Opensource for SBOM generation but the xml and json format of the data seems like it would be the kind of electronic format that could be provided with packaged software for those organizations that require SBOM tracking.

 

We also have python code in a lot of projects so not sure how an SBOM would be created for that.

 

I think this allows us to publish our dependencies so someone could quickly determine if we were affected by an attack on someone else.

 

I don’t think this would prevent an attack on our code would it ?

 

Brian

 

 

 

 

 

 

 

From: lfn-tac@... <lfn-tac@...> On Behalf Of Jason Hunt
Sent: Thursday, February 11, 2021 4:20 PM
To: lfn-tac@...
Subject: Re: [lfn-TAC] LFN TAC Meeting Minutes, Feb. 10, 2021

 

 

Thanks Robert for the input.  What do other TAC members (and, in particular, project leads) think?

 


Regards,
Jason Hunt
Distinguished Engineer, IBM

Phone: +1-314-749-7422
Email: djhunt@...
Twitter: @DJHunt

 

 

----- Original message -----
From: "Robert Varga" <nite@...>
Sent by: lfn-tac@...
To: lfn-tac@...
Cc:
Subject: [EXTERNAL] Re: [lfn-TAC] LFN TAC Meeting Minutes, Feb. 10, 2021
Date: Thu, Feb 11, 2021 1:45 PM
 

Hello everyone,

On 10/02/2021 17:03, Kenny Paul wrote:
> 2021-02-10 TAC Minutes
> <https://wiki.lfnetworking.org/display/LN/2021-02-10+TAC+Minutes>

[snip]

>   * *Next version of LFN Technical Whitepaper Ranny Haiby
>     <https://wiki.lfnetworking.org/display/~rannyh>*
>       o 2021 Whitepaper Workgroup
>         <https://wiki.lfnetworking.org/display/LN/2021+Whitepaper+Workgroup>
>       o Need volunteers to contribute - 1-2 hrs. per week for ~8 weeks
>       o Contributors also include folks that need to review content
>       o Project reps please mentioned at your next TSC meetings
>       o Brian Freeman
>         <https://wiki.lfnetworking.org/display/~bdfreeman1421>  - eval
>         of SolarWinds type of attack on supply chain
>       o Martin Jackson
>         <https://wiki.lfnetworking.org/display/~mhjacks> - Supply chain
>         attacks is top of mind for enterprise - this was already FUD in
>         the enterprise space. Should discuss it head on.

Maven Central has provisions for SBOMs.

Would it make sense to create some guidance as how to deploy
https://github.com/CycloneDX/cyclonedx-maven-plugin in Java projects
based on which https://cyclonedx.org/use-cases/ are deemed critical?

Regards,
Robert





 

 

 

 


Re: LFN TAC Meeting Minutes, Feb. 10, 2021

Amy Zwarico <amy.zwarico@...>
 

Brian, thank you for trying it out and getting some real metrics!

 

Today ONAP is running NexusIQ weekly and it generates an SBOM. There is an API that to get the SBOM in JSON or XML (I believe that NexusIQ uses the SPDX standard for SBOM encoding). I will get details from one of my co-workers when he’s back in the office (Nadeem Anwar). ONAP is using this information to provide PTLs a list of the vulnerable direct dependencies in their project that require updating. Note that the Linux Foundation makes NexusIQ available to all LF projects.

 

An SBOM in and of itself does not prevent an attack, but it provides information about the code, can be used in conjunction with the National Vulnerability Database (NVD) to understand the know vulns associated with each package. NexusIQ provides both SBOM and the vulns in each package. Based on this information an organization can decide how much risk is associated with using unsupported/vulnerable package versions, develop tests for exploitability, or put other compensating controls in place.

 

From: FREEMAN, BRIAN D <bf1936@...>
Sent: Friday, February 12, 2021 8:16 AM
To: lfn-tac@...
Cc: ZWARICO, AMY <az9121@...>
Subject: RE: [lfn-TAC] LFN TAC Meeting Minutes, Feb. 10, 2021

 

Jason, Robert,

 

Interesting tool.

 

I added it to the parent pom.xml for one of the ONAP repo’s and did a test run

 

quite intensive (saturated 1 cpu core for 5 minutes or so – single threaded ? )

 

Not sure if there are other tools being used in Opensource for SBOM generation but the xml and json format of the data seems like it would be the kind of electronic format that could be provided with packaged software for those organizations that require SBOM tracking.

 

We also have python code in a lot of projects so not sure how an SBOM would be created for that.

 

I think this allows us to publish our dependencies so someone could quickly determine if we were affected by an attack on someone else.

 

I don’t think this would prevent an attack on our code would it ?

 

Brian

 

 

 

 

 

 

 

From: lfn-tac@... <lfn-tac@...> On Behalf Of Jason Hunt
Sent: Thursday, February 11, 2021 4:20 PM
To: lfn-tac@...
Subject: Re: [lfn-TAC] LFN TAC Meeting Minutes, Feb. 10, 2021

 

 

Thanks Robert for the input.  What do other TAC members (and, in particular, project leads) think?

 


Regards,
Jason Hunt
Distinguished Engineer, IBM

Phone: +1-314-749-7422
Email: djhunt@...
Twitter: @DJHunt

 

 

----- Original message -----
From: "Robert Varga" <nite@...>
Sent by: lfn-tac@...
To: lfn-tac@...
Cc:
Subject: [EXTERNAL] Re: [lfn-TAC] LFN TAC Meeting Minutes, Feb. 10, 2021
Date: Thu, Feb 11, 2021 1:45 PM
 

Hello everyone,

On 10/02/2021 17:03, Kenny Paul wrote:
> 2021-02-10 TAC Minutes
> <https://wiki.lfnetworking.org/display/LN/2021-02-10+TAC+Minutes>

[snip]

>   * *Next version of LFN Technical Whitepaper Ranny Haiby
>     <https://wiki.lfnetworking.org/display/~rannyh>*
>       o 2021 Whitepaper Workgroup
>         <https://wiki.lfnetworking.org/display/LN/2021+Whitepaper+Workgroup>
>       o Need volunteers to contribute - 1-2 hrs. per week for ~8 weeks
>       o Contributors also include folks that need to review content
>       o Project reps please mentioned at your next TSC meetings
>       o Brian Freeman
>         <https://wiki.lfnetworking.org/display/~bdfreeman1421>  - eval
>         of SolarWinds type of attack on supply chain
>       o Martin Jackson
>         <https://wiki.lfnetworking.org/display/~mhjacks> - Supply chain
>         attacks is top of mind for enterprise - this was already FUD in
>         the enterprise space. Should discuss it head on.

Maven Central has provisions for SBOMs.

Would it make sense to create some guidance as how to deploy
https://github.com/CycloneDX/cyclonedx-maven-plugin in Java projects
based on which https://cyclonedx.org/use-cases/ are deemed critical?

Regards,
Robert





 

 

 

 


Re: LFN TAC Meeting Minutes, Feb. 10, 2021

Brian Freeman
 

Jason, Robert,

 

Interesting tool.

 

I added it to the parent pom.xml for one of the ONAP repo’s and did a test run

 

quite intensive (saturated 1 cpu core for 5 minutes or so – single threaded ? )

 

Not sure if there are other tools being used in Opensource for SBOM generation but the xml and json format of the data seems like it would be the kind of electronic format that could be provided with packaged software for those organizations that require SBOM tracking.

 

We also have python code in a lot of projects so not sure how an SBOM would be created for that.

 

I think this allows us to publish our dependencies so someone could quickly determine if we were affected by an attack on someone else.

 

I don’t think this would prevent an attack on our code would it ?

 

Brian

 

 

 

 

 

 

 

From: lfn-tac@... <lfn-tac@...> On Behalf Of Jason Hunt
Sent: Thursday, February 11, 2021 4:20 PM
To: lfn-tac@...
Subject: Re: [lfn-TAC] LFN TAC Meeting Minutes, Feb. 10, 2021

 

 

Thanks Robert for the input.  What do other TAC members (and, in particular, project leads) think?

 


Regards,
Jason Hunt
Distinguished Engineer, IBM

Phone: +1-314-749-7422
Email: djhunt@...
Twitter: @DJHunt

 

 

----- Original message -----
From: "Robert Varga" <nite@...>
Sent by: lfn-tac@...
To: lfn-tac@...
Cc:
Subject: [EXTERNAL] Re: [lfn-TAC] LFN TAC Meeting Minutes, Feb. 10, 2021
Date: Thu, Feb 11, 2021 1:45 PM
 

Hello everyone,

On 10/02/2021 17:03, Kenny Paul wrote:
> 2021-02-10 TAC Minutes
> <https://wiki.lfnetworking.org/display/LN/2021-02-10+TAC+Minutes>

[snip]

>   * *Next version of LFN Technical Whitepaper Ranny Haiby
>     <https://wiki.lfnetworking.org/display/~rannyh>*
>       o 2021 Whitepaper Workgroup
>         <https://wiki.lfnetworking.org/display/LN/2021+Whitepaper+Workgroup>
>       o Need volunteers to contribute - 1-2 hrs. per week for ~8 weeks
>       o Contributors also include folks that need to review content
>       o Project reps please mentioned at your next TSC meetings
>       o Brian Freeman
>         <https://wiki.lfnetworking.org/display/~bdfreeman1421>  - eval
>         of SolarWinds type of attack on supply chain
>       o Martin Jackson
>         <https://wiki.lfnetworking.org/display/~mhjacks> - Supply chain
>         attacks is top of mind for enterprise - this was already FUD in
>         the enterprise space. Should discuss it head on.

Maven Central has provisions for SBOMs.

Would it make sense to create some guidance as how to deploy
https://github.com/CycloneDX/cyclonedx-maven-plugin in Java projects
based on which https://cyclonedx.org/use-cases/ are deemed critical?

Regards,
Robert





 

 

 

 


Re: LFN TAC Meeting Minutes, Feb. 10, 2021

Jason Hunt
 

 
Thanks Robert for the input.  What do other TAC members (and, in particular, project leads) think?
 

Regards,
Jason Hunt
Distinguished Engineer, IBM

Phone: +1-314-749-7422
Email: djhunt@...
Twitter: @DJHunt
 
 

----- Original message -----
From: "Robert Varga" <nite@...>
Sent by: lfn-tac@...
To: lfn-tac@...
Cc:
Subject: [EXTERNAL] Re: [lfn-TAC] LFN TAC Meeting Minutes, Feb. 10, 2021
Date: Thu, Feb 11, 2021 1:45 PM
 
Hello everyone,

On 10/02/2021 17:03, Kenny Paul wrote:
> 2021-02-10 TAC Minutes
> <https://wiki.lfnetworking.org/display/LN/2021-02-10+TAC+Minutes>

[snip]

>   * *Next version of LFN Technical Whitepaper Ranny Haiby
>     <https://wiki.lfnetworking.org/display/~rannyh>*
>       o 2021 Whitepaper Workgroup
>         <https://wiki.lfnetworking.org/display/LN/2021+Whitepaper+Workgroup>
>       o Need volunteers to contribute - 1-2 hrs. per week for ~8 weeks
>       o Contributors also include folks that need to review content
>       o Project reps please mentioned at your next TSC meetings
>       o Brian Freeman
>         <https://wiki.lfnetworking.org/display/~bdfreeman1421>  - eval
>         of SolarWinds type of attack on supply chain
>       o Martin Jackson
>         <https://wiki.lfnetworking.org/display/~mhjacks> - Supply chain
>         attacks is top of mind for enterprise - this was already FUD in
>         the enterprise space. Should discuss it head on.

Maven Central has provisions for SBOMs.

Would it make sense to create some guidance as how to deploy
https://github.com/CycloneDX/cyclonedx-maven-plugin in Java projects
based on which https://cyclonedx.org/use-cases/ are deemed critical?

Regards,
Robert





 
 


Re: LFN TAC Meeting Minutes, Feb. 10, 2021

Robert Varga
 

Hello everyone,

On 10/02/2021 17:03, Kenny Paul wrote:
2021-02-10 TAC Minutes
<https://wiki.lfnetworking.org/display/LN/2021-02-10+TAC+Minutes>
[snip]

* *Next version of LFN Technical Whitepaper Ranny Haiby
<https://wiki.lfnetworking.org/display/~rannyh>*
o 2021 Whitepaper Workgroup
<https://wiki.lfnetworking.org/display/LN/2021+Whitepaper+Workgroup>
o Need volunteers to contribute - 1-2 hrs. per week for ~8 weeks
o Contributors also include folks that need to review content
o Project reps please mentioned at your next TSC meetings
o Brian Freeman
<https://wiki.lfnetworking.org/display/~bdfreeman1421>  - eval
of SolarWinds type of attack on supply chain
o Martin Jackson
<https://wiki.lfnetworking.org/display/~mhjacks> - Supply chain
attacks is top of mind for enterprise - this was already FUD in
the enterprise space. Should discuss it head on.
Maven Central has provisions for SBOMs.

Would it make sense to create some guidance as how to deploy
https://github.com/CycloneDX/cyclonedx-maven-plugin in Java projects
based on which https://cyclonedx.org/use-cases/ are deemed critical?

Regards,
Robert


LFN TAC Meeting Minutes, Feb. 10, 2021

Kenny Paul
 

2021-02-10 TAC Minutes

 

Member

Representing

Member

Representing

Member

Representing

Al Morton

ANUKET (TAC)

x

Ed Warnicke

FD.io (TAC)

x

Morgan Richomme

Orange

x

@Anil Guntupalli

Verizon

@Eyal Felstaine

Amdocs

Olaf Renner

Nokia

x

@Anil Kapur

Juniper

Frank Brockners 

Cisco

X

Prabhjot Singh Sethi

TF (incubation)

Brian Freeman

AT&T

x

Jason Hunt 

IBM

X

Ramesh Nagarajan

Google

Catherine Lefevre

ONAP (TAC)

Kalyankumar Asangi

Huawei

Ranny Haiby 

Samsung

X

ChangJin Wang

ZTE

Lingli Deng 

China Mobile

Robert Varga

ODL (TAC)

Christian Olrog

Ericsson

x

Marc Fiedler 

Deutsche Telekom

x

Timothy Verrall 

Intel

x

@David Sauvageau

Bell Canada

Martin Jackson

Walmart

x

tom nadeau 

Red Hat

Dhananjay Pavgi 

Tech Mahindra

Mike Lazar

OPX (sandbox)

Xiaojun Xie

China Telecom

TBD

XGVela (sandbox)

LF Staff: Kenny Paul,  Jim BakerBrandon WickHeather KirkseyTrishan de Lanerolle

Others: Timo PeralaBeth CohenTina Tsou

 

Minutes

  • Welcome Martin Jackson from Walmart - new Platinum member
    • Working internally to grow expertise in this space
    • Looking to understand strategy and direction of LFN at this stage

 

  • Developer & Testing Forum Feedback
    • PLEASE take the Survey if you attended - closes on the 17th
    • Feedback from the technical event
      • Strong interest by communities - often had 3 parallel tracks - perhaps a different platform for non-interactive presentations - focus technical events on interaction/brain-storming
      • Maybe a YouTube channel that can be used for more presentation based info
      • Developer advocacy videos - demo showcase, project lead interviews, live-coding sessions, interactive meetings/discussions
      • FD.io planning deep dive webinars
      • Would like all presentation recordings on the YouTube as well
      • Each community should have its own channel as not to flood the LFN level channel, making it difficult to navigate
      • 4-5 community members from each community should have YouTube keys

 

  • EUAG Discussion and Planned Collaboration Session 
    • 2 presos at the Dev event
    • How can we ger vendors and operators together to better exchange information
    • Meeting on the 17th is on the TAC calendar - 1430 UTC 17 Feb 2021 
    • Beth Cohen operator data is obviously sensitive info and challenge is presenting data in an anonymous fashion

 

  • TAC Lifecycle Documentation draft Review 
    • doc in draft translating the service tier spreadsheet to a narrative is in draft by LFN Staff
    • Will be discussed on the list once ready

 

  • Next version of LFN Technical Whitepaper Ranny Haiby
    • 2021 Whitepaper Workgroup
    • Need volunteers to contribute - 1-2 hrs. per week for ~8 weeks
    • Contributors also include folks that need to review content
    • Project reps please mentioned at your next TSC meetings
    • Brian Freeman  - eval of SolarWinds type of attack on supply chain
    • Martin Jackson - Supply chain attacks is top of mind for enterprise - this was already FUD in the enterprise space. Should discuss it head on.

 

  • Interaction with other communities Brian Freeman
    • LFN needs clarity/documentation around where LFN's interaction is with other foundations (LF-Edge, LF-AI, etc.)
    • Specific wiki page a logical step
    • Heather Kirksey - although we've tried many of the organic cross- pollination conversations that would normally occur at an event just don't materialize during virtual events.
    • topic for a future meeting

Action items

  • Casey Cain overview the YouTube channels for LFN and projects structure in TAC prior to delivering the keys to the project communities 24 Feb 2021 
  • Jim Baker reach out to LF-AI to attend the meeting on the 17th 11 Feb 2021 
  • LFN Staff ask communities what expectations they have of the next whitepaper 24 Feb 2021 
  • Kenny Paul add cross community awareness and documentation as a future meeting topic (4 weeks out) 10 Feb 2021 
  • Kenny Paul add Event survey results to next meeting agenda. 10 Feb 2021 

 

 

Thanks!

-kenny

 


LFN Technical Advisory Council - Wed, 02/10/2021 #cal-notice

lfn-tac@lists.lfnetworking.org Calendar <noreply@...>
 

LFN Technical Advisory Council

When:
Wednesday, 10 February 2021
7:00am to 8:00am
(GMT-08:00) America/Los Angeles

Where:
https://zoom.us/j/560486345?pwd=QXNHRVgyMEtURFVjMDhUUGZ4ZVhFQT09

Organizer:
ccain@...

Description:

Linux Foundation Networking is inviting you to a scheduled Zoom meeting.
 
Topic: LFN Technical Advisory Council
Time: This is a recurring meeting Meet anytime
 
Join Zoom Meeting
https://zoom.us/j/560486345?pwd=QXNHRVgyMEtURFVjMDhUUGZ4ZVhFQT09
 
Meeting ID: 560 486 345
Passcode: 322474
One tap mobile
+13462487799,,560486345# US (Houston)
+16699006833,,560486345# US (San Jose)
 
Dial by your location
        +1 346 248 7799 US (Houston)
        +1 669 900 6833 US (San Jose)
        +1 253 215 8782 US (Tacoma)
        +1 312 626 6799 US (Chicago)
        +1 646 558 8656 US (New York)
        +1 301 715 8592 US (Germantown)
        877 369 0926 US Toll-free
        855 880 1246 US Toll-free
        +1 438 809 7799 Canada
        +1 587 328 1099 Canada
        +1 647 374 4685 Canada
        +1 647 558 0588 Canada
        +1 778 907 2071 Canada
        +1 204 272 7920 Canada
        855 703 8985 Canada Toll-free
        +86 10 8783 3177 China
        +86 10 5387 6330 China
        400 616 8835 China Toll-free
        400 669 9381 China Toll-free
        400 182 3168 China Toll-free
        +91 22 71 279 525 India
        +91 406 480 2722 India
        +91 446 480 2722 India
        +91 806 480 2722 India
        +91 80 71 279 440 India
        +91 116 480 2722 India
        +91 22 48 798 004 India
        +91 224 879 8012 India
        +91 226 480 2722 India
        000 800 050 5050 India Toll-free
        000 800 040 1530 India Toll-free
Meeting ID: 560 486 345
Find your local number: https://zoom.us/u/bB8IumSv
 

241 - 260 of 1280