Hi all, I'm wondering where the Anteater program is - and want to note a broken link: build jobs with Anteater violations reference "Please visit: https://wiki.opnfv.org/x/5oey";, which is the wiki page https://wiki.opnfv.org/pages/viewpage.action?pageId=11700198, which says "Project specific exceptions can be added for file_name, file_contents and binaries, by using the name of the repository within the anteater/exceptions/ directory of the releng-anteater<https://wiki.opnfv.org/gerrit.opnfv.org:29418/releng-anteater.git> repository." - but that link (releng-anteater<https://wiki.opnfv.org/gerrit.opnfv.org:29418/releng-anteater.git>) is broken.
I want to start adding the exceptions for Models etc as an example for the LF IT team that is setting up the Acumos project gerrit/CI/CD process, and in general to help optimize the Anteater overhead for projects. I think we need to get some analysis of the types of exceptions that are typical, and establish a process for vetting those exceptions that goes beyond a simple review by a releng committer. Further, we need to bring in other scan tools (e.g. security vulnerability, virus, or malicious code scans) into the Anteater process. This is in response to concerns about the security of the governance process for open source (e.g. upstream, but also direct contribution in projects) that is used to build production-oriented systems. We need to demonstrate that OPNFV and other LF projects are addressing these concerns through their infra toolsets. Thanks, Bryan Sullivan | AT&T
_______________________________________________ opnfv-tech-discuss mailing list opnfv-tech-discuss@lists.opnfv.org https://lists.opnfv.org/mailman/listinfo/opnfv-tech-discuss
