Our Objective has been to correct the issue, learn, put in place best practices and establish a solid foundation for building operationally ready reference M-CORD baseline.
ONF has worked closely with Intel and Sprint on the remediation plan and actions.
Update Nov 23 2018
While we had hoped to release new versions of the EPC software by the end of November, it is clear that it will be delayed to January. Here is an update to
the status. Intel, Sprint and a few other organizations have completed development and testing of the repos. The software will be a huge improvement
in terms of ability to scale and readiness for production. To make sure the software is of very high quality, we are taking it through a rigorous process
to check for license incompatibilities, security vulnerabilities, and more. As a result of this situation, the ONF has purchased and installed the Black Duck
tools. They will give us a new capability to run scans on a regular basis as the tools are tightly integrated with the development toolchains (of all ONF projects, not just M-CORD).
This new process will help catch any license issues much earlier. Of course, contributors are still responsible for their contributions meeting the license agreement, but adding tooling
provides a new service to the community and helps all of us find any issues that may have escaped
efforts made by the contributors. Because Intel and ONF are using different Black Duck tools, there are sometimes inconsistencies in the reports from the tools. The
ONF is starting to run our tools on the new repos and work with Intel and others to understand/correct the issues prior to release. Our requirement is
to have no issues on day 1 when Intel submits the new code. All of this takes time, and our best estimate for completion is mid January.
We apologize for the delay.
Made an announcement in cord-dev@, cord-discuss@ mobile@, email lists of effect on vEPC, ngic, c3po repos