2025-05-28 TAC Minutes

Attendees & Representation

TAC Members and Project representatives should mark their attendance below 

Member Representatives

Representing | Member
China Mobile | vacant
China Telecom | vacant
Cisco | @Frank Brockners
Deutsche Telekom | @Marc Fiedler
Ericsson | @Christian Olrog
Huawei | @Huijun Yu
Infosys | @Girish Kumar
Nokia | @Olaf Renner
Red Hat | @Dave Tucker
Tech Mahindra | vacant
TELUS | @Sana Tariq
Verizon | vacant
Walmart | @Santhosh Fernandes

LF Staff & Community

@Casey Cain @LJ Illuzzi @Ranny Haiby

@Richard Lopez

Community Representatives

Community | Representative | Lifecycle
ONAP | @N.K. Shankaranarayanan | Graduated
OpenDaylight | @Robert Varga | Graduated
Anuket | @Beth Cohen | Graduated
Essedum | @Praveen Kumar Kalapatapu | Incubation
FD.io | @Dave Wallace | Graduated
Nephio | @Timo Perala | Graduated
L3AF | @Santhosh Fernandes | Incubation
5G SBP | vacant | Incubation
CNTi | @Olivier Smith | sandbox
Paraglider | vacant | sandbox

Elected Representatives

Chairperson | @Olaf Renner
Vice-Chair | @Muddasar Ahmed
Security | @Amy Zwarico
AI | @Fatih Nar
Committer Representative | @Shankar Malik

Agenda

The project's Antitrust Policy is linked from the LF and project websites. The policy is important when multiple companies, including potential industry competitors, are participating in meetings. Please review it, and if you have any questions, please contact your company's legal counsel. Members of the LF may contact Andrew Updegrove at the firm Gesmer Updegrove LLP, which provides legal counsel to the LF.

Minutes

Network Observability & Security Workgroup - @Ranny Haiby

  • The mission of the workgroup is to advance the use of open source technology for building observable and secure networks. It will create and disseminate clear, actionable blueprints and insightful white papers focused on network observability using the Linux Foundation Networking (LFN) and adjacent project ecosystems.

  • Ranny is not sure how long the Workgroup will last, but encourages participation

    • Sign up here

    • Deliverables: White paper and potentially a 5G Super Blueprint

    • Focus: Concrete technical documentation rather than brainstorming sessions

    • Goal: Educate industry about open source project capabilities and drive project adoption

  • Fatih Nar suggested keeping scope focused on "network observability" rather than bundling with security:

    • Observability data can feed into security, AI Ops, lifecycle management

    • Avoids confusion with existing security working groups

    • Enables best practices for network-centric applications and infrastructure

  • Muddasar Ahmed emphasized starting with existing project capabilities rather than high-level requirements.

  • Frank Brockners raised concerns about achieving critical mass for participation, referencing challenges with previous working groups like the AI working group.

Action Items

@Ranny Haiby to add sign-up section to work group page
@Ranny Haiby @Casey Cain to reach out to all project TSCs to identify representatives
@Ranny Haiby @Casey Cain Send announcement to TAC mailing list and individual project communication channels
Focus on existing/near-future project capabilities (e.g., L3AF's OpenTelemetry integration)

TAC Meeting Improvements / Evolution

  • @Casey Cain introduced the topic and asked the community for feedback on improving the TAC Meeting

  • Muddasar Ahmed:

    • Prioritize binary decision items first in agenda

    • Separate discussion/brainstorming topics to allow partial attendance

  • Frank Brockners identified original TAC purposes:

    • Cross-project collaboration forum

    • Ensure projects have necessary resources with minimal process overhead

    • Technical perspective complement to board's financial/operational support

  • Praveen Kumar Kalapatapu suggested developing thematic views (e.g., autonomous networks) to identify:

    • Current project capabilities

    • Missing functionalities

    • Potential feature gaps

Challenges Identified

  • Inter-project collaboration hasn't materialized effectively in this forum

  • Need clearer value proposition for project attendance

  • Balance between project independence and common strategy

Action Items

@Casey Cain to implement agenda improvements based on feedback and send them out to the Community in advance of the meeting.

Post Quantum Follow up

  • @Muddasar Ahmed

  • Current Status

    • Investigated tooling for crypto inventory across repositories

    • Identified two tool options:

      • Expensive option: $100-130K

      • Alternative option: $30-40K annually

    • Traditional software scanning tools (Nexus) don't provide crypto inventory

  • Key Drivers

    • January 1, 2027: US Government will not acquire non-quantum-safe capabilities

    • Expected ripple effect to companies and allied countries

    • 18-month planning window critical for software vendors

  • Project Perspectives

    • @Robert Varga (OpenDaylight) noted:

      • Clear understanding of crypto usage locations

      • Challenge of maintaining compatibility with 5-year-old network elements

      • Already tracking upstream library updates

      • Java 24 post-quantum capabilities will be adopted in upcoming releases

      • Configuration flexibility needed for deployed field compatibility

    • Additional Discussion

      • @Ranny Haiby emphasized need for project-driven motivation

      • Projects must commit resources and developers for execution

      • @Muddasar Ahmed clarified this is for planning purposes, not forced timelines

      • @Robert Varga confirmed active tracking of latest crypto libraries

Action Items

@Ranny Haiby @Casey Cain Investigate existing tooling capabilities for crypto scanning
Document current findings for future project requests
Contact current scanning software vendors about crypto scanning roadmaps

Vulnerability Reporting

  • @Casey Cain asked whether there should be central LFN vulnerability reporting.

    • @Muddasar Ahmed suggested that this is already baked into the quality & security goals that the community has been working on.

    • JIRA support desk (support.linuxfoundation.org) for broader vulnerability reporting

    • Status page: status.linuxfoundation.org for outage updates

      • Priority-based request handling

  • Discussion Focus

    • @Olaf Renner highlighted need for:

      • Cross-project notification during infrastructure attacks (e.g., GitLab denial of service)

      • Better information distribution during security incidents

      • Improved mitigation plan communication

    • Proposed Solutions

      • @Muddasar Ahmed recommended focusing on OpenSSF Gold/Silver badging at TAC level

      • Granular vulnerability reporting should remain with individual projects

      • Quality dashboards to identify projects needing support

Future Tooling

@Casey Cain mentioned IT team investigation of DataDog for:

  • Better change management for GitHub projects

  • Enhanced repository permissions management

  • Improved code submission rules

  • Upcoming TAC presentation planned

Backlog