Re: CNCF SIG (and WG) expected deliverables

Michael Ducy

The SAFE WG was an independent group (as I always understood it) that was NOT under the auspices of the CNCF or the CNCF TOC until very recently. Over those last 10 months, there's been much debate around "Categories and SIGs" and what they should deliver and that was finalized early this year. SAFE then morphed into SIG-Security a few months ago. 

So you're essentially saying, "I asked for something as a CNCF TOC member from a group that wasn't a CNCF sanctioned working group and they gave me nothing." While it would have been in the best interest of the SAFE WG to produce something, they weren't required to by any means. If I am wrong about the relationship between SAFE and the CNCF prior to them becoming SIG-Security, please correct me.

Now that being said, I do feel like the SIG-Security group should be producing white papers and the like. Specifically I'd like to see:
 - White paper of practical implementation advice
 - Cloud Native Security Landscape (This was something that SAFE had started)
 - Cloud Native Security Trail Map

This is not an exhaustive list as it doesn't include some of the Policy white papers Sarah is interested in producing.

On Tue, Jul 2, 2019 at 12:27 PM Quinton Hoole <quinton@...> wrote:
A quick follow-up to the discussion in today's TOC meeting regarding being clear about the TOC's expectations of deliverables from SIGs (and working groups).

Here is the discussion I had 10 months ago with the Security group regarding expectations, specifically around delivery of White Papers (GitHub lists me as ghost, due to an unfortunate technical issue).

I think I made it very clear at the time what the TOC expected to be delivered, and the group explicitly undertook to deliver the white papers, but simply has not.

The main reason I bring this up is that I think it's important to draw a clear distinction between lack of communication from the TOC as to what's required, vs repeated lack of delivery thereof by a SIG or working group, as the solutions to the two problems are quite different.


Quinton Hoole
