Re: [Onap-seccom] [onap-discuss] SECCOM 5 April update for PTLs

[Tony Hansen]

Are the repos for these projects marked as readonly in Gerrit?

Is there a release name or date available for each of these as to when they 
were first considered unmaintained? An example might be “beginning with the 
Honolulu release.”

It would also be good if the wiki pages that 
https://wiki.onap.org/display/DW/Unmaintained+State+Projects points to were to 
be modified to indicate clearly that they are indeed unmaintained.

Examples from the CII badging folks on how to clearly mark a project as 
unmaintained that apply to ONAP are:

For example, use “DEPRECATED” as the first heading of its README title, . . . 
add a no-maintenance-intended badge ( https://unmaintained.tech/ ) in its 
README, and/or use the code repository's marking system (e.g., . . . Gerrit's 
"readonly" status, . . .). Additional discussion can be found here: 
https://medium.com/maintainer-io/how-to-deprecate-a-repository-on-github-8f0ceb9155e
 .

- Tony

From: <onap-discuss@lists.onap.org> on behalf of Thomas Kulik 
<thomas.ku...@telekom.de>
Reply-To: "onap-discuss@lists.onap.org" <onap-discuss@lists.onap.org>, 
"thomas.ku...@telekom.de" <thomas.ku...@telekom.de>
Date: Tuesday, April 6, 2021 at 1:53 PM
To: "fabian.rouz...@orange.com" <fabian.rouz...@orange.com>, 
"onap-discuss@lists.onap.org" <onap-discuss@lists.onap.org>, 
"morgan.richo...@orange.com" <morgan.richo...@orange.com>, "ZWARICO, AMY" 
<az9...@att.com>
Cc: "onap-sec...@lists.onap.org" <onap-sec...@lists.onap.org>
Subject: Re: [Onap-seccom] [onap-discuss] SECCOM 5 April update for PTLs

Hi Fabian.

A general definition can be found here:
Project State: Unmaintained
https://wiki.onap.org/x/Pw_LBQ<https://urldefense.com/v3/__https:/wiki.onap.org/x/Pw_LBQ__;!!BhdT!1WzY_Vl2G9rM0xKd72qWvmp9FiqA2H7oTSXX35pOEgi0h_xwh_2VihczNA$>

The list of unmaintained state projects is here:
https://wiki.onap.org/x/GyGLBQ<https://urldefense.com/v3/__https:/wiki.onap.org/x/GyGLBQ__;!!BhdT!1WzY_Vl2G9rM0xKd72qWvmp9FiqA2H7oTSXX35pOEgi0h_xwh_1U9xenqg$>
Best regards,
Thomas

Von: fabian.rouz...@orange.com <fabian.rouz...@orange.com>
Gesendet: Dienstag, 6. April 2021 17:21
An: Kulik, Thomas <thomas.ku...@telekom.de>; onap-discuss@lists.onap.org; 
RICHOMME Morgan TGI/OLN <morgan.richo...@orange.com>; amy.zwar...@att.com
Cc: onap-sec...@lists.onap.org
Betreff: RE: [Onap-seccom] [onap-discuss] SECCOM 5 April update for PTLs

Hi Thomas,
Do we have a list for the ‘unmaintained project”?
Br
Fabian


De : onap-sec...@lists.onap.org<mailto:onap-sec...@lists.onap.org> 
[mailto:onap-sec...@lists.onap.org] De la part de 
thomas.ku...@telekom.de<mailto:thomas.ku...@telekom.de>
Envoyé : mardi 6 avril 2021 14:53
À : onap-discuss@lists.onap.org<mailto:onap-discuss@lists.onap.org>; RICHOMME 
Morgan TGI/OLN <morgan.richo...@orange.com<mailto:morgan.richo...@orange.com>>; 
amy.zwar...@att.com<mailto:amy.zwar...@att.com>
Cc : onap-sec...@lists.onap.org<mailto:onap-sec...@lists.onap.org>
Objet : Re: [Onap-seccom] [onap-discuss] SECCOM 5 April update for PTLs


Just a small hint about wording: Please use „unmaintained“ instead of “in 
maintenance mode”.

/Thomas
Von: onap-discuss@lists.onap.org<mailto:onap-discuss@lists.onap.org> 
<onap-discuss@lists.onap.org<mailto:onap-discuss@lists.onap.org>> Im Auftrag 
von Morgan Richomme via lists.onap.org
Gesendet: Dienstag, 6. April 2021 14:07
An: onap-discuss@lists.onap.org<mailto:onap-discuss@lists.onap.org>; 
amy.zwar...@att.com<mailto:amy.zwar...@att.com>
Cc: onap-sec...@lists.onap.org<mailto:onap-sec...@lists.onap.org>
Betreff: Re: [onap-discuss] SECCOM 5 April update for PTLs

last weekly report available here (it includes the RC0): 
https://logs.onap.org/onap-integration/weekly/onap_weekly_pod4_master/2021-04/03_22-48/security/versions/versions.html<https://urldefense.com/v3/__https:/logs.onap.org/onap-integration/weekly/onap_weekly_pod4_master/2021-04/03_22-48/security/versions/versions.html__;!!BhdT!1WzY_Vl2G9rM0xKd72qWvmp9FiqA2H7oTSXX35pOEgi0h_xwh_0JbJ5kJA$>

Java 8: 24+3 (dual java8 and java11)
Python 2.7: 13 + 10 (dual python 2.7 and python 3)

if we look at the issues
java 8
- portal: in maintenance mode since Honolulu
- music: in maintenance since Guilin
- msb:  not sure that it is officially in maintenance but not lots of changes 
recently
- esr: in maintenanc emode since Guilin
- appc in maintenance mode since Guilin
- ...

python 2.7
- appc: in maintenance mode since Guilin
- awx: tooling
- dcae
- robot: tooling
- uui
- vfx-huawei-vnf-driver
-...

I raised the question on appc in a gerrit as the HC is also regularly FAIL
As far as I can see appc is still mentioned in 2 use cases (vFWDT and scaleout) 
but should we not
- remove appc from the deployment
- in the vFWDT and scaleout use case doc, if they are still maintained, 
indicate how to launch the old appc for the use case but not include appc in 
teh official honolulu deployment

I know that there was a working group on this topic and that the question of 
dependencies is tricky..music > OOF,, MSB > CNF use cases...

/Morgan
________________________________
De : onap-discuss@lists.onap.org<mailto:onap-discuss@lists.onap.org> 
[onap-discuss@lists.onap.org] de la part de Amy Zwarico [amy.zwar...@att.com]
Envoyé : lundi 5 avril 2021 17:45
À : onap-discuss@lists.onap.org<mailto:onap-discuss@lists.onap.org>
Cc : onap-sec...@lists.onap.org<mailto:onap-sec...@lists.onap.org>
Objet : [onap-discuss] SECCOM 5 April update for PTLs
5 April SECCOM update for the PTLs.


  *   SECCOM is proposing that the TSC promote vulnerable package upgrade 
(REQ-439<https://urldefense.com/v3/__https:/jira.onap.org/browse/REQ-439__;!!BhdT!1WzY_Vl2G9rM0xKd72qWvmp9FiqA2H7oTSXX35pOEgi0h_xwh_1IbRAjJA$>)
 and CII Badging 
(REQ-443<https://urldefense.com/v3/__https:/jira.onap.org/browse/REQ-443__;!!BhdT!1WzY_Vl2G9rM0xKd72qWvmp9FiqA2H7oTSXX35pOEgi0h_xwh_1x12FqTQ$>)
 to Global Requirements for Istanbul.

     *   Package upgrades will be negotiated with the PTLs based on NexusIQ 
reports
     *   Package upgrades to be complete at code freeze
     *   SECCOM Istanbul vulnerable package update recommendations will be 
created after Honolulu RC0/RC1
     *   CII badging requirements for the Istanbul release: crypto questions 
plus unanswered questions from prior releases

  *   Please email SECCOM 
(onap-sec...@lists.onap.org<mailto:onap-sec...@lists.onap.org>) if you are a 
project with repos that do not write log files stdout. SECCOM needs this input 
to evaluate whether to request that the TSC promote the Logging POC 
(REQ-441<https://urldefense.com/v3/__https:/jira.onap.org/browse/REQ-441__;!!BhdT!1WzY_Vl2G9rM0xKd72qWvmp9FiqA2H7oTSXX35pOEgi0h_xwh_2jUkLRQw$>)
 to a Best Practice
  *   The LF is setting up SonarCloud training sessions and can make those 
sessions available to PTLs.
  *   Java and Python upgrade status continues to improve

     *   Remaining (March 29) Java 8: 36/104 repos (improvement of 2 from March 
4)
     *   Remaining (March 29) Python 2: 24/63 repos (improvement of 16 from 
March 4)

Amy Zwarico, LMTS
Chief Security Office / Platform Security
AT&T Services
(205) 613-1667

_._,_._,_


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#23113): https://lists.onap.org/g/onap-discuss/message/23113
Mute This Topic: https://lists.onap.org/mt/81896416/21656
Group Owner: onap-discuss+ow...@lists.onap.org
Unsubscribe: https://lists.onap.org/g/onap-discuss/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-