Presentation is loading. Please wait.

Presentation is loading. Please wait.

Proposal on TSC policy for ONAP release Maintenance

Published byRalph Bach Modified over 5 years ago

Similar presentations

Presentation on theme: "Proposal on TSC policy for ONAP release Maintenance"— Presentation transcript:

1 Proposal on TSC policy for ONAP release Maintenance
DRAFT!!!!!!!!!!!

2 Introduction This is a proposal to create a TSC policy regarding maintenance for security and maintenance patches. It covers: For how long the ONAP release should be maintained. Minimum requirements that drive a maintenance update. The structure is firstly a discussion on the motivation, then the proposed text as the policy.

3 Proposal Motivation There is a need for a clear maintenance strategy in ONAP releases that everybody understands. The proposal shall respect the already agreed version naming strategy, which is described (in more detail that decided) here: The ONAP Release Versioning Strategy (link). The Release Versioning strategy describes: Major Releases X.Y.Z; where X is the major release number. Enhancement Release, where the Y represents the enhancement release number of the major release (a.k.a Minor release) Service release where Z indicates the service release number (a.k.a patch release). For a security vulnerability: ONAP has security vulnerability management procedures: link There is a requirement to release the fixes to public ally known vulnerabilities within 60 days. Source: CII badging passing level “There MUST be no unpatched vulnerabilities of medium or high severity that have been publicly known for more than 60 days” From the security sub-committee perspective, we should fix our own vulnerabilities within 60 days of it being reported. For a vulnerability to have been fixed, it is release by the specific project into the relevant repository. This doesn’t imply an ONAP release.

4 Proposal Motivation Maintenance fixes
Aside from security fixes, there may be other bugs that are reported and should be corrected if agreed by the project. For both maintenance and security patches We need to decide whether to backport the fixes and for how many releases. Currently ONAP works on a 6 month release cadence. If/when we move towards release less then this policy would have to be updated. We need to balance the effort of which releases to maintain.

5 Proposal Motivation Summary
Major Minor Patch Rel X+1 How many “Major” releases to maintain. Of which, How many “minor” releases to maintain Of which, how many “patch” releases to maintain. Rel X.Y.Z Rel X.y.z Rel X.Y.z Rel X.Y.Z-1 Rel X.Y-1.z Rel X.Y-1.Z Rel X-1.y.z Rel X-1.Y.Z Rel X-1.Y.z Rel X.Y-1.Z-1 Rel X-1.Y.Z-1 Rel X-1.Y-1.z Rel X-2.y.z Rel X-2.Y.z

6 Discussion - Maintenance
Of a “minor” release (which can have several patch releases), A patch release is to fix an issue, not to add new functionality. There is no motivation to fix an issue in a previous patch. Proposal: Of a minor release, only the latest patch release is maintained and considered valid for identification of trouble reports and security issues. Of a “major” release (which can have several minor releases). Proposal: Follow the same approach. For a major release, the latest Minor release is maintained. The latest patch level is valid for trouble reports and security issues. For the number of major releases. Maintaining many major releases is extra work on design and test. Propose a phased approach: Initial and current approach: Only the latest Major release is maintained. Increased Deployment approach (timing decision to be made by the TSC). The latest release and the previous major release is maintained.

7 Discussion - Criteria The planning and criteria for a major release is already set by the TSC. No proposed change to this. The planning and criteria for a minor release is already set by the TSC. No proposed change to this. This is minor additional functionality Patches and fixes across many projects The criteria, planning and signoff of a patch release is required.

8 Patch release request The TSC can decide a patch release:
Upon request or As per any TSC decision. One or more PTLs can request a patch release to solve: To address a major bug To address a security issue. The request is made via the Regular TSC meetings: to TSC Or Request discussion via placing on the TSC agenda. Release Criteria: The relevant projects must do the individual release activities. Docker, documentation, etc The relevant projects must pass pairwise testing. Integration regression test of release use cases is performed.

9 Individual project release
A project can perform an individual project release at any time. This may or may not be included in a ONAP release How Request approval from the TSC. to the TSC or request agenda time at a TSC meeting Release criteria In the request to the TSC, a testing proposal must be included to ensure quality. This maybe, for example, local testing, pairwise testing, regression testing, etc depending on the changes made.

10 Patch Release motivation/criterial
Motivation and criterial: To fix address a severe or high “bug” or to address a security issue. A sever bug is an issue that causes the projects deliverables to: Be unstable Not perform the agreed use cases or functionality. A high bug is an issue that causes the projects deliverables to be: Not perform as expected or described as part of the release. The decision as to what is sever or high is considered to be a project decision. The issue submitter can raise the issue to the TSC if there is a difference of opinion..

11 Proposal Motivation A maintenance period of 12 months would likely provide sufficient time for all downstream activities to adapt. This would imply maintenance of both the current release (release N) and release N-1. However, feedback from the PTL meeting held on Monday 6th August 2018, this was considered too high a load for the projects at this stage, hence after feedback from the PTLs, it was considered to have maintenance only for release (N). Note: Release (n) refers to the latest stable release. It is a good idea of sever (and high?) bugs are fixes as a maintenance activity. This implies that that we need a definition of sever and high bugs and a way to make this decision A sever bug is an issue that causes the projects deliverables to: Be unstable Not perform the agreed use cases or functionality. A high bug is an issue that causes the projects deliverables to be: Not perform as expected or described as part of the release. The decision as to what is sever or high is considered to be a project decision. The issue submitter can raise the issue to the TSC if there is a difference of opinion..

12 Proposal Motivation Project release vs ONAP release.
A project can perform a release to the repositories without an ONAP release. Its too early to mandate the need of ONAP maintenance releases. This is still best left to a TSC decision for that release, on a per release basis. Given the above, the idea is to create a proposal that describes: ONAP Projects (e.g. SO, DCAE, ….) are maintained for the latest release (called release n) and at a later date, the previous release (termed release n- 1). An ONAP project must perform a project release within 60 days of: Identification of a new vulnerability From the release of a new known sever or high known vulnerability Reporting of a new sever or high bug. This must be backported for the agreed supported releases. A project release does not imply a ONAP release.

13 Proposal Motivation When having a project release without an ONAP release, we have to agree on what quality steps are required: Ensure that health checks and all the regression tests have been successfully performed. Depending on the changes, Stability tests might be required.

14 This slide is intentially left blank

15 Proposal for TSC policy
TSC Policy: ONAP Maintenance: Definitions: ONAP Release: An ONAP release is the release of a set of artifacts from the ONAP projects that is collectively release together ONAP Project Release: An ONAP project release is a release of artifacts from a specific ONAP project. Explanatory Note: ONAP projects are listed in the ONAP wiki under approved ONAP projects. An ONAP project can have releases corresponding to the ONAP releases (e.g. Amsterdam, Beijing). Latest current release: Refers to the latest ONAP project release, and in particular to the major revision. A sever bug is an issue that causes the projects deliverables to: Be unstable Not perform the agreed use cases or functionality. A high bug is an issue that causes the projects deliverables to be: Not perform as expected or described as part of the release.

16 Proposal for TSC policy
TSC Policy: ONAP Maintenance: ONAP Maintenance Policy: An ONAP project is required to perform a maintenance release to support the following: To ensure that there are no known sever or high vulnerabilities greater than 60 days old To ensure that a fix for new sever or high vulnerability is release within 60 days To ensure that sever bugs are fixed within 60 days. The ONAP project applies the patches to the latest current major release (Release N) ( and later upon new TSC decision the previous latest major release (Release N-1)). The ONAP projects decide whether an issue is a Severe Issue, High Issue or other. The issue requester, if s/he disagrees with the project decision can request a decision from the TSC by: Sending an to the TSC with the subject: “Issue Priority Decision Request” Preparing the decision motivation material for part of the TSC agenda. 1 weeks notice is required. Projects can request to the TSC to have a individual project release or a ONAP release. to the TSC or request agenda time at a TSC meeting, including testing proposal The TSC will decide to proceed with an individual project release or a overall ONAP release.

17 Proposal for TSC policy
Individual project release criteria Individual project release activities have been performed Health test and relevant pairwise testing is performed. Documentation is updated. ONAP project release criterial Individual project release and in addition Regression test of the release use cases performed by the integration team.

18 Proposal for TSC policy
Questions: How to do the cryptographic signing for an individual project release that doesn’t have a related ONAP release.

Download ppt "Proposal on TSC policy for ONAP release Maintenance"

Similar presentations

United Nations Statistics Division

United Nations Statistics Division
Freedom of Information Act 2000 and the PCT Audit Procedure Background: The Act was passed in November 2000. The Act will be fully in force by January.

Freedom of Information Act 2000 and the PCT Audit Procedure Background: The Act was passed in November The Act will be fully in force by January.
Software Quality Assurance Plan

Software Quality Assurance Plan
Screen 1 of 24 Reporting Food Security Information Understanding the User’s Information Needs At the end of this lesson you will be able to: define the.

Screen 1 of 24 Reporting Food Security Information Understanding the User’s Information Needs At the end of this lesson you will be able to: define the.
SystematicSystematic process that translates quality policy into measurable objectives and requirements, and lays down a sequence of steps for realizing.

SystematicSystematic process that translates quality policy into measurable objectives and requirements, and lays down a sequence of steps for realizing.
SAIC-F QA Internal Process (DRAFT ) Sudha Chudamani QA Team, Frederick National Lab Jan 2, 2013.

SAIC-F QA Internal Process (DRAFT ) Sudha Chudamani QA Team, Frederick National Lab Jan 2, 2013.
Proposed TC Issues Process Martin Chapman. Purpose An issues driven process helps to 1.Untangle un-conflate problems 2.Narrow focus to solving particular.

Proposed TC Issues Process Martin Chapman. Purpose An issues driven process helps to 1.Untangle un-conflate problems 2.Narrow focus to solving particular.
BSBPMG505A Manage Project Quality Manage Project Quality Project Quality Processes Diploma of Project Management 17872 Qualification Code BSB51507 Unit.

BSBPMG505A Manage Project Quality Manage Project Quality Project Quality Processes Diploma of Project Management Qualification Code BSB51507 Unit.
Security Policy Update LCG GDB Prague, 4 Apr 2007 David Kelsey CCLRC/RAL

Security Policy Update LCG GDB Prague, 4 Apr 2007 David Kelsey CCLRC/RAL
1 EMS Fundamentals An Introduction to the EMS Process Roadmap AASHTO EMS Workshop.

1 EMS Fundamentals An Introduction to the EMS Process Roadmap AASHTO EMS Workshop.
ALMA Integrated Computing Team Coordination & Planning Meeting #1 Santiago, 17-19 April 2013 Acceptance Manager Transition Steve Scott.

ALMA Integrated Computing Team Coordination & Planning Meeting #1 Santiago, April 2013 Acceptance Manager Transition Steve Scott.
DEX Publication Project OASIS PLCS TC Telecon 22 January 2008 Trine Hansen.

DEX Publication Project OASIS PLCS TC Telecon 22 January 2008 Trine Hansen.
EMI INFSO-RI-261611 SA1 Session Report Francesco Giacomini (INFN) EMI Kick-off Meeting CERN, 26-28 May 2010.

EMI INFSO-RI SA1 Session Report Francesco Giacomini (INFN) EMI Kick-off Meeting CERN, May 2010.
6/6/2016 1 SOFTWARE LIFE CYCLE OVERVIEW Professor Ron Kenett Tel Aviv University School of Engineering.

6/6/ SOFTWARE LIFE CYCLE OVERVIEW Professor Ron Kenett Tel Aviv University School of Engineering.
Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 17 – IT Security.

Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 17 – IT Security.
Version Control How and why to control changes in a software artifact.

Version Control How and why to control changes in a software artifact.
Chapter 25 – Configuration Management 1Chapter 25 Configuration management.

Chapter 25 – Configuration Management 1Chapter 25 Configuration management.
SLAs with Software Provider. Scope “…declare the rights and responsibilities between EGI.eu and the Software Provider for a particular component.” Which.

SLAs with Software Provider. Scope “…declare the rights and responsibilities between EGI.eu and the Software Provider for a particular component.” Which.
A LOOK AT AMENDMENTS TO ISO/IEC 17025 (1999) Presented at NCSLI Conference Washington DC August 11, 2005 by Roxanne Robinson.

A LOOK AT AMENDMENTS TO ISO/IEC (1999) Presented at NCSLI Conference Washington DC August 11, 2005 by Roxanne Robinson.
TK2023 Object-Oriented Software Engineering

TK2023 Object-Oriented Software Engineering

Similar presentations

Ads by Google