[onap-tsc] Allow non-PTLs to view/edit the CLM security wiki pages #clm #security

gildas.lanilis@huawei.com <gildas.lanilis@...>
 

Hi Manoop,

 

I wish I could but I can’t. This is not my decision.

Decision was taken I think (don’t get me wrong) by SECCOM and LF to limit visibility.

 

Looping SECCOM and LF for their guidance.

 

Thanks,

Gildas

ONAP Release Manager

1 415 238 6287

 

From: TALASILA, MANOOP (MANOOP) [mailto:talasila@...]
Sent: Wednesday, October 10, 2018 12:56 PM
To: Gildas Lanilis <gildas.lanilis@...>
Cc: LEFEVRE, CATHERINE <catherine.lefevre@...>; MIR, FARHAN N (FARHAN) <fmir@...>; TATTAVARADA, SUNDER (SUNDER) <statta@...>
Subject: FW: [onap-tsc] Allow non-PTLs to view/edit the CLM security wiki pages #clm #security

 

Hi Gildas,

 

Sunder Tatta and I have the Nexus IQ access as we are the only two committers for Portal project.

 

As suggested below, can you please help provide access to our security expert Farhan Mir (“fmir@...”) to NexusIQ? (if required we can swap the access of Sunder Tatta). Thanks.

 

Manoop

 

From: <onap-tsc@...> on behalf of "LEFEVRE, CATHERINE" <catherine.lefevre@...>
Reply-To: "onap-tsc@..." <onap-tsc@...>
Date: Wednesday, October 10, 2018 at 7:03 AM
To: "onap-tsc@..." <onap-tsc@...>, "onap-discuss@..." <onap-discuss@...>, "OBRIEN, FRANK MICHAEL" <frank.obrien@...>, "helpdesk@..." <helpdesk@...>
Cc: "AU, PRUDENCE" <prudence.au@...>, Gildas Lanilis <gildas.lanilis@...>
Subject: Re: [onap-tsc] Allow non-PTLs to view/edit the CLM security wiki pages #clm #security

 

***Security Advisory: This Message Originated Outside of AT&T ***
Reference http://cso.att.com/EmailSecurity/IDSP.html for more information.

Good morning Michael, Manoop,

 

As previously discussed, we are not authorized to copy/paste the complete CLM report to the ONAP wiki.

 

What you can or can’t do - has been previously documented here:

https://wiki.onap.org/display/DW/TSC+2018-09-13?preview=/41420751/41422209/ONAP%20CLM%20License%20Version3.pdf

 

Nevertheless if you have identified your security expert(s) then I believe we might be able to swap them with 1-2 of your committers.

Feel free to reach Gildas to explore this possibility with the Linux Foundation.

 

Best regards

Catherine

 

From: onap-tsc@... [mailto:onap-tsc@...] On Behalf Of TALASILA, MANOOP
Sent: Tuesday, October 09, 2018 6:22 PM
To: onap-tsc@...; onap-discuss@...; OBRIEN, FRANK MICHAEL <frank.obrien@...>; helpdesk@...
Cc: AU, PRUDENCE <prudence.au@...>
Subject: Re: [onap-tsc] Allow non-PTLs to view/edit the CLM security wiki pages #clm #security

 

+1

The Portal team is also in a similar situation. The two security experts in our team are not PTL or committers, so they cannot access the CLM reports, leading to delay in analyzing the impact and action on the identified vulnerabilities.

 

Please see if you can relax the access or at least provide access to the requested team members (in our case we need access to these IDs – “fmir@...” and “arundpil@...”).

 

Manoop

 

From: <onap-tsc@...> on behalf of Michael O'Brien <frank.obrien@...>
Reply-To: "onap-tsc@..." <onap-tsc@...>
Date: Tuesday, October 9, 2018 at 11:48 AM
To: "onap-discuss@..." <onap-discuss@...>, Michael O'Brien <Frank.Obrien@...>, "onap-tsc@..." <onap-tsc@...>, "helpdesk@..." <helpdesk@...>
Cc: Prudence Au <Prudence.Au@...>
Subject: Re: [onap-tsc] Allow non-PTLs to view/edit the CLM security wiki pages #clm #security

 

Hi, I was wondering if we can get the security rules relaxed – currently I would need to copy/paste wiki content for other members of the team doing the CLM work.

Thank you

/michael

 

From: onap-discuss@... <onap-discuss@...> On Behalf Of Michael O'Brien
Sent: Friday, October 5, 2018 10:14 AM
To: onap-discuss@...; onap-tsc@...; helpdesk@...
Cc: Prudence Au <Prudence.Au@...>
Subject: [onap-discuss] Allow non-PTLs to view/edit the CLM security wiki pages #clm #security

 

Team,

   Hi, I have a request on behalf of my team and likely others.

   The CLM security pages are locked down too tightly – I would like other members of the team – in particular Prudence Au (my co-PTL along with Luke Parker) to be able to view and edit pages in the wiki space

 

https://wiki.onap.org/display/SV/Security+Vulnerabilities+Home

https://wiki.onap.org/pages/viewpage.action?pageId=43385152

 

   The issue that we did not foresee – distribution of CLM work among the team.

   Also when a PTL is out for a 1 day vacation – the delegate PTL does not have access to the site.

 

   If the SV space is locked down – then the bottleneck is the PTL – in my case Prudence is a go-getter and would like to fix the remaining vulnerabilities – in our case we inherited several from another project we have a dependency – they already marked that vulnerability as a red-herring and have a pom override – but without myself acting as the wiki conduit – this work is slowed down with some re-inventing the wheel occurring.

 

    Can we make the site read/only at least for any of the following

-          Committers of a project

-          Ideally any committer of a project can see the pages of the other project – so one fix can be distributed among several

 

Thank you

/michael

 

“Amdocs’ email platform is based on a third-party, worldwide, cloud-based system. Any emails sent to Amdocs will be processed and stored using such system and are accessible by third party providers of such system on a limited basis. Your sending of emails to Amdocs evidences your consent to the use of such system and such processing, storing and access”.
