Good afternoon Stephen, Michael,
I have released an e-mail explaining how we can fix the Logback dependency issue with EELF:
https://lists.onap.org/g/Onap-seccom/topic/maven_dependency_update_for/26440631?p=,,,20,0,0,0::recentpostdate%2Fsticky,,,20,2,0,26440631

Nevertheless, I would also like to come back to Michael’s prioritization request. Is there any other team member from the logging project who can help you? I can see that there are 6 other Logging committers and 12 additional contributors associated with your project.

I cannot really comment regarding your personal Acumos’s commitment.

We can help you to prioritize your ONAP activities if we can better understand what changes the developers are waiting on you for.

We can also ask the Security Subcommittee to review your remaining 8 Critical items and assess with you whether these are real concerns or false positives.

Avdhut, Lee, Luke, Prudence, Geora, Shane,
As committers, can you please provide additional support to Michael? Thanks.

Many thanks & regards
Catherine

-----Original Message-----
From: onap-disc...@lists.onap.org [mailto:onap-disc...@lists.onap.org] On Behalf Of Stephen Terrill
Sent: Sunday, September 30, 2018 6:12 PM
To: ONAP-TSC@lists.onap.org; onap-helpd...@rt.linuxfoundation.org; gildas.lani...@huawei.com
Cc: onap-disc...@lists.onap.org; AU, PRUDENCE <prudence...@amdocs.com>
Subject: Re: [onap-discuss] [onap-tsc] [ONAP Helpdesk #61551] RE: Competing priorities in onap - CLM vs Code

Thanks Michael,

Are there any "gotchas" to share based on this?

BR,
Steve

-----Original Message-----
From: ONAP-TSC@lists.onap.org <ONAP-TSC@lists.onap.org> On Behalf Of Michael O'Brien
Sent: Saturday, September 29, 2018 2:49 AM
To: onap-helpd...@rt.linuxfoundation.org; gildas.lani...@huawei.com
Cc: onap-disc...@lists.onap.org; onap-tsc@lists.onap.org; Prudence Au <prudence...@amdocs.com>
Subject: Re: [onap-tsc] [ONAP Helpdesk #61551] RE: Competing priorities in onap - CLM vs Code

Update:
I looked more into the failures just now and yes it is "banned snapshots" the "banned dependencies" and the "Dependency ch.qos.logback:logback-classic:jar:1.1.3 located at Module org.onap.logging-analytics:logging-docker-root:pom:1.2.2-SNAPSHOT" stuck out before I realized it was the forced release of my jars.
Releasing my jars should fix all of these - I'll release as-is - Prudence and I need to release the 8 release projects this week.
Issue closed and adjusted as a release exercise.

Yes, when I looked back at recent docker and release jobs – started seeing these – which look to be enforced CLM rules – blocking Jenkins jobs success – I didn’t save the link I got the following from – I may have mixed up “banned dependencies” with enforce-no-snapshots – which should say “banned snapshots” as the failure message
Looking for logs – can’t seem to find them now - before or after I took out 1.1.3

Dependency ch.qos.logback:logback-classic:jar:1.1.3 located at Module org.onap.logging-analytics:logging-docker-root:pom:1.2.2-SNAPSHOT
Dependency ch.qos.logback:logback-classic:jar:1.1.3 located at Module org.onap.logging-analytics:logging-kubernetes:pom:1.2.2-SNAPSHOT
Dependency ch.qos.logback:logback-classic:jar:1.1.3 located at Module org.onap.logging-analytics:logging-reference:pom:1.2.2-SNAPSHOT

This one is not CLM it is SNAPSHOTS – or unreleased code – I will need to release my demo code as-is before RC0 to fix these
https://urldefense.proofpoint.com/v2/url?u=https-3A__jenkins.onap.org_view_logging-2Danalytics_job_logging-2Danalytics-2Dmaster-2Drelease-2Dversion-2Djava-2Ddaily_244_&d=DwIGaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=66ObImPAUA0o2f1hTGknnnv5ScXvX8EnREJCPHHBY5M&m=DIcIASzjcil3o0H24Jqbkj1n4qgshpbos4jwD68Qx6c&s=134ba_QGG7ZIUC9Wkum_joF4Ip8GwyoflxETANnTtUY&e=

Identified problems
Banned dependencies
Some Enforcer rules have failed.
Look in the log for specific messages explaining why the rule failed
Indication 1
2:01:55 [INFO] --- maven-enforcer-plugin:3.0.0-M1:enforce (enforce-no-snapshots) @ logging-demo ---
12:01:55 [WARNING] Rule 0: org.apache.maven.plugins.enforcer.RequireReleaseDeps failed with message:
12:01:55 Found Banned Dependency: org.onap.logging-analytics:logging-slf4j:jar:1.2.2-SNAPSHOT
12:01:55 Found Banned Dependency: org.onap.logging-analytics:logging-mock-service:jar:1.2.2-SNAPSHOT
12:01:55 Found Banned Dependency: org.onap.logging-analytics:logging-library:jar:1.2.2-SNAPSHOT
12:01:55 Use 'mvn dependency:tree' to locate the source of the banned dependencies.

-----Original Message-----
From: Jessica Wagantall via RT <onap-helpd...@rt.linuxfoundation.org>
Sent: Friday, September 28, 2018 7:36 PM
To: gildas.lani...@huawei.com
Cc: Michael O'Brien <frank.obr...@amdocs.com>; onap-disc...@lists.onap.org; onap-tsc@lists.onap.org
Subject: [ONAP Helpdesk #61551] RE: Competing priorities in onap - CLM vs Code

Dear Michael

Can you please point me to an example?
The only dependencies I know we are banning are the ones described in this example:
https://urldefense.proofpoint.com/v2/url?u=https-3A__wiki.onap.org_display_DW_Release-2BVersioning-2BStrategy-23ReleaseVersioningStrategy-2DIssueofdependencyonSnapshot&d=DwIGaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=66ObImPAUA0o2f1hTGknnnv5ScXvX8EnREJCPHHBY5M&m=DIcIASzjcil3o0H24Jqbkj1n4qgshpbos4jwD68Qx6c&s=pf24qHpmK771zOA1RigZgJprjPwmyg0xwCG1Ry0ioZU&e=

Thanks!
Jess

On Fri Sep 28 19:00:30 2018, gildas.lani...@huawei.com wrote:
> Looping in Helpdesk.
>
> I am not aware the Jenkins fails on banned dependencies you stated
> below.
> @Helpdesk, Your thoughts are welcome.
>
> Thanks,
> Gildas
> ONAP Release Manager
> 1 415 238 6287
>
> From: onap-disc...@lists.onap.org
> [mailto:onap-disc...@lists.onap.org]
> On Behalf Of Michael O'Brien
> Sent: Friday, September 28, 2018 5:09 AM
> To: onap-disc...@lists.onap.org;
> onap-tsc@lists.onap.org
> Subject: [onap-discuss] Competing priorities in onap - CLM vs Code
>
> Team,
> Just a comment on the vulnerabilities work and its impact on
> everything else.
> Since the release Jenkins jobs now fail on banned dependencies and
> we are forced to fix the CLM critical issues - just be aware that
> fixing each of these takes time away from development as - I have
> fixed one of the remaining 9 in my project last night and am working
> through the rest.
> Fixing a CLM issue is not trivial as you know - half the time there
> is an override brought in with another library - fixing one usually
> illuminates a common pattern so the rest should go faster now -
> however I am blocking developers waiting on my changes in onap and
> acumos because of this.
> /michael
>
> This message and the information contained herein is proprietary and
> confidential and subject to the Amdocs policy statement, you may
> review at
> https://urldefense.proofpoint.com/v2/url?u=https-3A__www.amdocs.com_about_email-2Ddisclaimer&d=DwIGaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=66ObImPAUA0o2f1hTGknnnv5ScXvX8EnREJCPHHBY5M&m=DIcIASzjcil3o0H24Jqbkj1n4qgshpbos4jwD68Qx6c&s=DZACj8TnZJjtlVEG68B35dHXJw4bYQvi0txEOCdhTfs&e=
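
Added example (not part of the thread and not ONAP project code): a small Python triage script for the Jenkins console output quoted in Michael's 29 September message, where `RequireReleaseDeps` under the `enforce-no-snapshots` execution prints "Found Banned Dependency" and is easy to mistake for a policy ban. The second log block (execution id `enforce-banned-deps`, module `example-module`, coordinate `com.example:old-lib`) is constructed for contrast, and the verdict labels are hypothetical names.

```python
import re
from collections import defaultdict

# First block copied from the thread's log excerpt; second block is CONSTRUCTED
# to show a genuine BannedDependencies failure beside it.
SAMPLE_LOG = """\
12:01:55 [INFO] --- maven-enforcer-plugin:3.0.0-M1:enforce (enforce-no-snapshots) @ logging-demo ---
12:01:55 [WARNING] Rule 0: org.apache.maven.plugins.enforcer.RequireReleaseDeps failed with message:
12:01:55 Found Banned Dependency: org.onap.logging-analytics:logging-slf4j:jar:1.2.2-SNAPSHOT
12:01:55 Found Banned Dependency: org.onap.logging-analytics:logging-library:jar:1.2.2-SNAPSHOT
12:01:56 [INFO] --- maven-enforcer-plugin:3.0.0-M1:enforce (enforce-banned-deps) @ example-module ---
12:01:56 [WARNING] Rule 0: org.apache.maven.plugins.enforcer.BannedDependencies failed with message:
12:01:56 Found Banned Dependency: com.example:old-lib:jar:1.0.0
"""

TS = r"^(?:\d{1,2}:\d{2}:\d{2}\s+)?"  # optional Jenkins timestamp prefix
EXEC = re.compile(TS + r"\[INFO\] --- maven-enforcer-plugin:\S+:enforce "
                       r"\((?P<id>[^)]+)\) @ (?P<module>\S+) ---")
RULE = re.compile(TS + r"\[WARNING\] Rule \d+: (?P<rule>[\w.]+) failed with message:")
DEP = re.compile(TS + r"Found Banned Dependency: (?P<gav>\S+)")

def classify(log):
    """Return {(module, execution id, rule simple name): [coordinates]}."""
    findings = defaultdict(list)
    module = exec_id = rule = None
    for line in log.splitlines():
        if m := EXEC.match(line):
            module, exec_id, rule = m["module"], m["id"], None
        elif m := RULE.match(line):
            rule = m["rule"].rsplit(".", 1)[-1]
        elif (m := DEP.match(line)) and rule:
            findings[(module, exec_id, rule)].append(m["gav"])
    return dict(findings)

def triage(findings):
    """Separate 'release your SNAPSHOT jars' failures from real dependency bans."""
    verdicts = {}
    for (module, exec_id, rule), gavs in findings.items():
        all_snapshots = all(g.endswith("-SNAPSHOT") for g in gavs)
        if rule == "RequireReleaseDeps" and all_snapshots:
            verdicts[(module, exec_id)] = "unreleased-snapshot"
        else:
            verdicts[(module, exec_id)] = "banned-dependency"
    return verdicts

if __name__ == "__main__":
    for key, verdict in triage(classify(SAMPLE_LOG)).items():
        print(key, verdict)
```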