5 April SECCOM update for the PTLs.
* SECCOM is proposing that the TSC promote vulnerable package upgrade (REQ-439<https://jira.onap.org/browse/REQ-439>) and CII Badging (REQ-443<https://jira.onap.org/browse/REQ-443>) to Global Requirements for Istanbul. * Package upgrades will be negotiated with the PTLs based on NexusIQ reports * Package upgrades to be complete at code freeze * SECCOM Istanbul vulnerable package update recommendations will be created after Honolulu RC0/RC1 * CII badging requirements for the Istanbul release: crypto questions plus unanswered questions from prior releases * Please email SECCOM ([email protected]) if you are a project with repos that do not write log files stdout. SECCOM needs this input to evaluate whether to request that the TSC promote the Logging POC (REQ-441<https://jira.onap.org/browse/REQ-441>) to a Best Practice * The LF is setting up SonarCloud training sessions and can make those sessions available to PTLs. * Java and Python upgrade status continues to improve * Remaining (March 29) Java 8: 36/104 repos (improvement of 2 from March 4) * Remaining (March 29) Python 2: 24/63 repos (improvement of 16 from March 4) Amy Zwarico, LMTS Chief Security Office / Platform Security AT&T Services (205) 613-1667 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#23105): https://lists.onap.org/g/onap-discuss/message/23105 Mute This Topic: https://lists.onap.org/mt/81867163/21656 Group Owner: [email protected] Unsubscribe: https://lists.onap.org/g/onap-discuss/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
