Attendees & Representation

TAC Members and Project representatives should mark their attendance below 

• Action Item Review (Backlog)

• Post Quantum tooling capabilities for crypto scanning @Ranny Haiby

  • Follow-up from last week’s discussion

• Network Observability & Security Workgroup @Ranny Haiby @Casey Cain

  • Follow-up from last week’s discussion

Post Quantum tooling capabilities for crypto scanning

• Ranny summarized the latest on post-quantum encryption work. The ONAP community is evaluating cryptographic libraries for quantum safety.

• A scan tool (Fossology) was recommended and is being tested to meet these requirements, as a prior tool (OSS Scont) was dropped due to budget issues.

• Discussion included the need for tools that can continuously scan and report cryptographic usage, ideally integrated into project workflows.

  • Next steps: Await results from ONAP’s evaluation and consider updating post-quantum recommendations if successful.

Network Observability Work Group

• Sign-up progress for the new Network Observability work group was reviewed; participation is low so far.

• It was clarified that reminders should be sent, and direct links provided to make sign-up easier.

• Discussion of how the initial invitation was distributed (mainly via TSC mailing lists), with some feedback that not all intended recipients got the message.

• The need for broader, more effective outreach beyond just the TSC was raised—possible improvements to communication processes were discussed.

Communication improvements

• TAC explored how to better ensure information and calls-to-action reach the correct audience within each project/community.

• Suggestions included more explicit email subject lines (e.g., “Your action is required”) and clear instructions to TSCs to forward relevant messages to their communities.

• Acknowledged that communication strategies may need to be tailored to each project’s norms (e.g., email vs. Slack).

Role of TAC Members in Community Communication

• Discussion about the responsibility of TAC members to bring discussions and action items from these meetings back to their project communities.

• Some projects are doing this well; others see low participation or lack of POCs for quality/security topics.

• Proposal to CC TAC mailing lists on important project communications so all TAC reps are kept in the loop and can support follow-through.

LFx Team Collaboration

• Plan to arrange a meeting between LFx team and community members

• Focus on gathering direct feedback about tools development

• Emphasis on converting project data into actionable insights

• Timing consideration due to holiday season

AI-generated code discussion

• @Muddasar Ahmed raised ideation about using agentic AI tools to address low participation in some projects (e.g., code generation for non-critical components).

• Discussion deferred for more ideation offline; participants were encouraged to consider how such tools could help and what pilot areas might be appropriate.

• Communities have asked if it is ok for AI to do Code reviews

  • Needs legal review

LFX Insights Platform Update

• @Casey Cain provided an update on the new version of LFX Insights: new features include improved health scores, security and best practice tracking, and project badges.

• Known issues were discussed (e.g., sub-project nesting, lack of Confluence stats), with fixes in the pipeline.

• Feedback was encouraged, and plans are in place to invite LFX/OpenSSF Baseline project developers to a future TAC meeting for more in-depth explanation and feedback.

Backlog