-
We discussed the existing openstack VMC Security Committee Vulnerability process
We will have a similar process for OPNFV developed code
It is also important to have a known method to get security issues we find sent upstream-ed
Most of our “code” we generate is glue to script the installation, configuration, and testing of other upstream components <— what follows is that we won’t be creating very many binary artifacts that might have vulnerabilities
There may be some binary artifacts from code we create such as a vloop vm image or other vnf just for OPNFV project use
Scripts could introduce security issues (configurations)
ACTION: to consider how we will interact (tool wise) with upstrean groups (hinds)
expected time for fix should be added (Mike)
ACTION: Luke to continue to refine the OSVM and consider the points made about interactions and contingencies towards upstream projects