Hi Mitch,
No confirm from security people yet, so that I?d recommend to use the time slot from this week OSWG.(wed) There is already CTT status related session. Let me request to Dwarka to extend the topic for this issue also. BR, Uze Choi From: ??? (Uze Choi) [mailto:uzc...@samsung.com] Sent: Friday, May 26, 2017 2:39 PM To: 'Mitch Kettrick'; 'Heldt-Sheller, Nathan'; 'Bell, Richard S'; '???'; 'iotivity-dev at lists.iotivity.org' Cc: 'Agis, Ed'; 'Kaufman, David R (AZ16)' Subject: RE: RE: [dev] [State update-2 for RC3] [Triage Meeting] RE: [session2-Meeting minute]: [Triage CC schedule] [For 1.3 release RC2 ] list sharing and update request for some missing blocks Let me reserve the session at this time. If security people(Randeep, Nathan, Kevin, Dongik Lee, Sergiy: not all but..) agree to join, Let me create the session with CC. BR, Uze Choi From: Mitch Kettrick [mailto:c...@openconnectivity.org] Sent: Friday, May 26, 2017 2:49 AM To: '??? (Uze Choi)'; 'Heldt-Sheller, Nathan'; 'Bell, Richard S'; '???'; iotivity-dev at lists.iotivity.org Cc: 'Agis, Ed'; 'Kaufman, David R (AZ16)' Subject: RE: RE: [dev] [State update-2 for RC3] [Triage Meeting] RE: [session2-Meeting minute]: [Triage CC schedule] [For 1.3 release RC2 ] list sharing and update request for some missing blocks Hi Uze, Monday is a holiday in the United States so my guess is that many of us will not be available. How about Tuesday or Wednesday? Note that CTT 1.5.7 has some known CTT bugs related to not having the newest schema fixes so aligning with 1.5.7 is actually impossible as far as I understand things. Mitch From: ??? (Uze Choi) [mailto:uzc...@samsung.com] Sent: Wednesday, May 24, 2017 9:44 PM To: 'Mitch Kettrick'; 'Heldt-Sheller, Nathan'; 'Bell, Richard S'; '???'; iotivity-dev at lists.iotivity.org Cc: 'Agis, Ed'; 'Kaufman, David R (AZ16)' Subject: RE: RE: [dev] [State update-2 for RC3] [Triage Meeting] RE: [session2-Meeting minute]: [Triage CC schedule] [For 1.3 release RC2 ] list sharing and update request for some missing blocks Hi Mitch, Correctly you may right. Something like chicken and egg issue. There can be two ideas for this release. One is to Specify the coverage in which IoTivity passed at 1.5.7 on release note. The other, completely remove CTT context, just no mentioning. It is good idea to discuss how to deal with it. But it should be done with the security people engagement. (Randeep, Nathan, Kevin, Dongik Lee, Sergiy) How about to have a meeting on next Monday afternoon in PST? BR, Uze Choi From: Mitch Kettrick [mailto:c...@openconnectivity.org] Sent: Wednesday, May 24, 2017 1:48 AM To: uzchoi at samsung.com; 'Heldt-Sheller, Nathan'; 'Bell, Richard S'; '???'; iotivity-dev at lists.iotivity.org Cc: 'Agis, Ed'; 'Kaufman, David R (AZ16)' Subject: RE: RE: [dev] [State update-2 for RC3] [Triage Meeting] RE: [session2-Meeting minute]: [Triage CC schedule] [For 1.3 release RC2 ] list sharing and update request for some missing blocks Hi Uze, I want to clarify one thing that you said: Then release version can pass the current version CTT test case excluding issues to be resolved from CTT. I do not believe that IoTivity will automatically pass the current version of the CTT (not sure if you mean 1.5.7 or 1.5.8) once the bugs Nathan mentioned below are closed. Many of the issues that are being worked on now are preventing many of the existing test cases to run all the way through. As an example, many of the schema issues related to the SVRs make it such that the CTT can't even complete the first step in the test case. Once the CTT pulls in the latest schema files (which should be in CTT v1.5.8), the test cases should be able to run all the way through for the first time. There is a good chance that clearing this first block issue with the schema files will expose additional bugs that we don't even know about yet. This will lead to additional IoTivity bug fixes and/or CTT issues that have to be resolved. We're constantly trying to hit a moving target since nothing is fully fleshed out including test cases (many of which have not been completely written yet), IoTivity and the CTT. As I've said in other emails, it's going to take 2 to 3 months until things stabilize and we have something that passes the CTT (and can be OCF 1.0 certified). Said another way, there is no easy way to freeze the CTT and try to pass "the current version of the CTT" since we are constantly finding and fixing bugs in both the CTT and IoTivity. Trying to freeze the CTT and pass makes little sense because every recent version of the CTT has bugs, many of which we haven't even uncovered yet. Does it make sense to have a special meeting to discuss IoTivity v1.3 and what we're trying to accomplish with it so that we can put together a realistic plan? I have to admit that I don't fully understand the current plan but from what I can see I'm not sure that what we're trying to accomplish is even possible? Mitch From: ??? [mailto:uzc...@samsung.com] Sent: Saturday, May 20, 2017 9:16 PM To: Heldt-Sheller, Nathan; Bell, Richard S; ???; iotivity-dev at lists.iotivity.org Cc: Mitch Kettrick; Agis, Ed Subject: RE: RE: [dev] [State update-2 for RC3] [Triage Meeting] RE: [session2-Meeting minute]: [Triage CC schedule] [For 1.3 release RC2 ] list sharing and update request for some missing blocks Hi Nathan, I believe Patches for these issues will be merged by this week. (I mean by this Sunday) Then release version can pass the current version CTT test case excluding issues to be resolved from CTT. And better to include following but not necessary to include below I believe. ? Bug IOT-1928 Update mbedtls version before 1.3 release ? Improvement IOT-1896 BR Uze Choi --------- Original Message --------- Sender : Heldt-Sheller, Nathan <nathan.heldt-sheller at intel.com> Date : 2017-05-21 08:12 (GMT+9) Title : RE: [dev] [State update-2 for RC3] [Triage Meeting] RE: [session2-Meeting minute]: [Triage CC schedule] [For 1.3 release RC2 ] list sharing and update request for some missing blocks Hi Uze, As an update, all known P1 Security Issues have either been resolved, or have pending patches in Gerrit review; see JIRA for updated status: All Open, In Progress, Assigned and Re-opened Issues with ?Security? tag, P1, and Fix In Version 1.3.0 <https://jira.iotivity.org/issues/?jql=project%20%3D%20IOT%20AND%20status%20in%20(Open%2C%20%22In%20Progress%22%2C%20Reopened%2C%20Assigned)%20AND%20priority%20%3D%20P1%20AND%20fixVersion%20%3D%20%22IoTivity%201.3.0%22%20AND%20labels%20%3D%20security%20ORDER%20BY%20priority%20DESC%2C%20created%20DESC> We are waiting on code review and/or Jenkins for 7 of the 8 open issues. The mbedTLS update issue, you already known about. However it should be noted that there are likely many outstanding issues other than these that will prevent OCF 1.0 certification. I understand it is your intention to release 1.3.0 without passing complete CTT, but I wanted to be 100% clear that there will almost surely be other certification blocking issues discovered as CTT and IoTivity bugs are fixed and more of the TCs are running. I hope the intention is to release again when complete CTT is passing. Summary copy/paste from JIRA: ? Bug IOT-2293 [Security] /oic/sec/acl2 resource is being updated by payload for /oic/sec/acl resource ? Bug IOT-2292 [Security] 'creds->credusage' property of /oic/sec/cred resource is of string type, expected is array of string in OCF1.0 ? Bug IOT-2281 [Security] /oic/sec/amacl resource is responding for GET request, but not for POST ? Bug IOT-2280 [Security] /oic/sec/doxm resource unable to update rowneruuid ? Bug IOT-2271 provisioningclient fails to discover sampleserver_randompin, when using default ACEs ? Bug IOT-2258 OCCreateResource() must allow Secure *and* Unsecure "ep" ? Bug IOT-1928 Update mbedtls version before 1.3 release ? Improvement IOT-1896 Implement privacy mitigation approach for unique identifiers Thanks, Nathan <http://ext.samsung.net/mail/ext/v1/external/status/update?userid=uzchoi&do=bWFpbElEPTIwMTcwNTIxMDQxNTUxZXBjbXMxcDFmOTIzMjE4Nzg5NTYwZTI3YzVlYTNjZWY3Y2IyZjFkZCZyZWNpcGllbnRBZGRyZXNzPWNwbUBvcGVuY29ubmVjdGl2aXR5Lm9yZw__> <http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient> ?? ??? ??? ??????. Virus-free. <http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient> www.avg.com -------------- next part -------------- HTML ?????? ??????????????... URL: <http://lists.iotivity.org/pipermail/iotivity-dev/attachments/20170530/f57011fc/attachment.html> -------------- next part -------------- A non-text attachment was scrubbed... Name: image001.gif Type: image/gif Size: 13402 bytes Desc: ?????? ?? ????????. URL: <http://lists.iotivity.org/pipermail/iotivity-dev/attachments/20170530/f57011fc/attachment.gif> -------------- next part -------------- A non-text attachment was scrubbed... Name: image002.jpg Type: image/jpeg Size: 350 bytes Desc: ?????? ?? ????????. URL: <http://lists.iotivity.org/pipermail/iotivity-dev/attachments/20170530/f57011fc/attachment.jpg>
