Bias and publishing guidance from CNCF


Gareth Rushgrove
 

Hi All

On a couple of calls yesterday (SIG Security, and discussions about
the proposed SIG App Delivery), the topic of bias or conflict of
interest came up. In discussion we thought it worth bringing to the
ToC, so here is an email.

One of the things being discussed as part of the SIG App Delivery
mission is "develop informational resources like guides, tutorials and
white papers". SIG Security produces recommendations for projects and
the ToC and is also looking at guidance. I'm sure other SIGs have in
mind to do something similar.

Part of the power of CNCF is it's a shared place for folks to
genuinely work together. But I don't think we should deny or otherwise
hide our bias, especially as we get into CNCF branded and published
material. I think most people want to do the right thing, but having
some guidance and discussion would help. Consider a few of the
following:

1. Conducting a private security review of a product associated with a
competitor
2. Guidance on <CNCF project> and <Cloud provider> written by <Cloud provider>
3. Tutorial on <CNCF project> which mentions <non-CNCF project>
4. Comparisons of <CNCF projects> and <non-CNCF projects>
5. Guidance on <CNCF project> which competes with <other CNCF project>
6. Guidance on <CNCF project> which competes with <non-CNCF project>
associated with <authors employee>
7. Organising a <CNCF branded event> which competes directly with
<CNCF member> event

Non of these are simply good or bad, context always matters. A few
things that could be discussed (not concrete suggestions, more to
start a conversation.)

1. All guidance carries authors and contributors and their affiliations
2. Contributors sign some impartiality document (social more than legal)
3. Clear review process which explicitly takes in bias
4. No single-vendor content attributed to CNCF

I think the ToC are probably _very_ aware of this sort of thing, but
as CNCF SIGs expand, more folks probably need to consider the same
things. I think CNCF affiliation is different from project
affiliation. Doing that collectively would be good. What processes do
we need in place? And are they SIG specific or more general? Is this
something folks care about?

Thanks

Gareth

--
Gareth Rushgrove
@garethr

devopsweekly.com
morethanseven.net
garethrushgrove.com

Join cncf-toc@lists.cncf.io to automatically receive all group messages.