Hi Michael,
Thanks for the known vulnerability analysis
(https://wiki.onap.org/pages/viewpage.action?pageId=28377537). I had a few
questions:
For aaf-authz-docker (com.thoughtworks.xstream), I couldn't quite understand
the analysis and your understanding of the exposure that SDC has to the
Hi Dan,
Thank-you for the report on the SDC known vulernabilities -
https://wiki.onap.org/pages/viewpage.action?pageId=28379582 .
For most of the impacts it states that low risk - only occurs in design tool
(dgbuilder). How is this tool used by SDNC? Is it used in the runtime
environment,
Hi Ram,
Thanks for the review of the known vulnerabilities for AAF:
https://wiki.onap.org/pages/viewpage.action?pageId=28380057
I note that the actions are still work in progress - do you have an estimated
time for the analysis. In the analysis, it would be great if you consider
whether the
Hi Alla,
It will be the week of June 19th in Beijing. The site should be finalized this
week.
Best Regards,
-kenny
Kenny Paul, Technical Program Manager, The Linux Foundation
kp...@linuxfoundation.org, 510.766.5945
San Francisco Bay Area, Pacific Time Zone
> On Mar 31, 2018, at 11:18 PM,
Hi Steve,
Thanks for your comment.
I've updated the wiki page
(https://wiki.onap.org/pages/viewpage.action?pageId=28378623) with the relevant
impact on most of the issues.
A few issues are still under investigation (marked TBD), as we still try to
upgrade as many dependencies to a
Hi Amichai and Ofir,
Thank-you for your known vulnerability analysis of vid
(https://wiki.onap.org/pages/viewpage.action?pageId=28378623).
For the vulnerabilities for where there is no fix, do you have an analysis of
how VID uses the imported code so that the implications of the risk can be
Hi Jimmy,
Thank-you for the impressive known vulnerability analysis of AAI. You have
informed me that a lot of the vulnerabilities are associated with components
that you are upgrading/replacing. Can you please inform me when that is done.
I note that aai/gizmo (org.apache.httpcomponents)
Hi Amy,
Pls find my answers inline and let me know if additional details required.
Thanks
Regards
Kanagaraj M
-
Be transparent! Win together !!
Stephen,
We are introducing a change in functionality that bypasses this code in
Beijing, but it is a late addition. We will need to support the use of this
code for backwards compatibility until we can fully vet the new functionality
works and we can switch to it completely to deprecate the
Steve,
The dgbuilder is a design time tool. We use it to create and update the
directed graphs, which then get stored in Gerrit and managed from there as
source code.
Eventually we’d like to support using the dgbuilder as an editor integrated
with SDC at run time to update and deploy new
Hi Pam,
Thanks for the reply. For the vulnerabilities that remain due to e.g.
backwards compatibility, can we be clear about the exposure of the risk to ONAP
in the impact analysis.
BR,
Steve
From: DRAGOSH, PAMELA L (PAM) [mailto:pdrag...@research.att.com]
Sent: Monday, April 02, 2018 1:31
Thanks Ranny for creating the Gliffy diagram.
You deciphered properly all my handwritting:)
Thanks,
Gildas
ONAP Release Manager
1 415 238 6287
From: Haiby, Ranny (Nokia - US/San Jose) [mailto:ranny.ha...@nokia.com]
Sent: Friday, March 30, 2018 11:20 AM
To: onap-tsc
Cc:
Dear All,
As discussed in TSC meeting last week at ONS; ONAP-University sub-committee
will lead the effort to share ONAP experience/learnings. I will be in transit
this Thursday and hence will have delegate attend TSC. However, would like to
start the process of arriving at calendar/schedule.
Sai, Jonathan - Any thoughts on this?
From: Stephen Terrill [mailto:stephen.terr...@ericsson.com]
Sent: Monday, April 02, 2018 2:59 AM
To: KOYA, RAMPRASAD
Cc: onap-sec...@lists.onap.org; onap-tsc
Subject: Known vulnerability analysis of AAF
Hi Ram,
Hi Vladimir,
Since I wrote this email, a bit of changes came into play (cf attached email).
There is the introduction of end-user advisory committee who help into defining
priorities and will feed in the usecase committee.
The "E2E Release Use Case Approval" milestone help into streamlining the
15 matches
Mail list logo