Thanks Chris. Firstly, I think the way the sandbox doc is articulated in the doc is great. However, I imagine sandbox projects should be aware of the TLP graduation criteria and trying to steer their ship towards those goals, and as such, it prompted a broader meta question that I thought might be better suited to the TOC list, rather than a comment on the doc.
When I look at the graduation criteria from Sandbox -> Incubation -> Graduated, I see in the criteria for "graduated" that one needs to have committers from at least 2 organizations. This hints at a desire for CNCF projects to have some measure of open governance but stops short of calling it out directly. Why not do so?
I believe I've heard it stated by the TOC before that you don't want to preclude healthy important projects where the vast majority of committers happen to be from one organization. I agree. However, I don't think that is at odds with an open governance model. For example, you could have an open governance model where it just so happened to be that the participation in the project is all from a single company; however, because of the governance model, should contributors join later from other companies, they would have a path to equal influence in the project decision making and contributions being committed.
Why am I bringing this up? An ounce of prevention is worth a pound of cure. I believe the advantage of calling open gov out explicitly in the graduation criteria helps avoid a future scenario where a CNCF project is governed by a cabal largely dominated by one company, that has a token committer from outside, that actively or passively ignores contributions from the community (the incentives can differ from project to project). I suspect you have come across GitHub projects with open source licenses that behave this way. Projects like this are bad for the project's and foundation's brand. The ASF had to deal with this issue a number of times with popular projects in their Big Data stack. It was painful, but they were able to deal with it because they are prescriptive about how ASF projects are to be governed. I realize this can be a slippery slope because the next step would be to become prescriptive about what type(s) of open governance model CNCF projects would deem acceptable. However, perhaps something worth anticipating and discussing.
Regards
Steve Watt