Re: Issue with Linux Foundation and expectations on ODL projects
Hi Jamo,
A few outcomes from yesterday's TSC call (at least for me):
1) Thanh will open a ticket to LF to work on a new feature to notify users upfront if there is a security problem in the staging build. I think Allan was waiting a long time to get this information.
2) LF will look at the current Nexus IQ problem of reporting old SW security issues in new SW scans.
3) In situations where it is believed Nexus IQ is not doing the right thing (like this one), the impacted project/person will raise a mail to the ODL security team (security@...) with all the details. The ODL security team will analyze the problem and, if it turns out to be a tool problem, the security team will provide an immediate waiver. If there is a real sec issue, the project/person will have to fix it or ask the TSC for a waiver.
4) ODL community needs more and better communication on how things work and change in LF.
On Mar 6, 2020, at 10:37 AM, JamO Luhrsen <jluhrsen@...> wrote: