Date   

Re: [VOTE] SPIFFE project proposal (inception)

djones@...
 

+1 (non-binding)


Re: Incubating and Inception levels in marketing materials

Bob Wise
 

Since the moment is opening up for debate, I will make a stand (again) that we should require cross-org maintainership.
I believe this might help with some of Jesse Frazelle's commentary recently as well, although only she could say. :-)

Generally this is a way to not only ensure that the projects are really of sufficient interest to users, but also to contributors.
We acknowledge this in what it takes to graduate, anyway.

We do not require it at the outset, while at the same time a small company might be getting funded or gaining market share based on getting to one of these states.
Since projects are getting so much press at the first stage of acceptance, they are getting a lot of the value without returning that value to the community in the form of shared control.

It's not too much to ask (and we should ask) that to receive the CNCF endorsement that real dedication (not just future expectation) to multi-org maintainership is required at all phases.

-Bob


On Mon, Feb 5, 2018 at 1:20 PM, alexis richardson <alexis@...> wrote:
Erin

Please could you be specific?  Do you think Inception and/or
Incubation should require Maintainers from more companies?  I am not
promising changes, but *now* is the time to table and debate this.  If
people have concerns, please invite them to voice them here or have a
sponsor do so on their behalf.

alexis


On Mon, Feb 5, 2018 at 8:24 PM, Erin Boyd <eboyd@...> wrote:
> Hi Alexis,
> It's not a question, but just an observation of voiced 'concern' I see on
> many of the inception level requests, where the feedback is "where is the
> community support beyond company A", etc.
>
> So redefining our "what is means to be Cloud Native" and including Open
> Source as part of this primary driving directive, it seems counter-intuitive
> to accept projects, even at an inception level if they don't strong
> community support.
>
> Thoughts?
> Erin
>
>
>
> On Mon, Feb 5, 2018 at 12:06 PM, alexis richardson <alexis@...>
> wrote:
>>
>> Erin
>>
>> Thank you.
>>
>> What is your question about community support?
>>
>> Alexis
>>
>>
>> On Mon, 5 Feb 2018, 19:02 Erin Boyd, <eboyd@...> wrote:
>>>
>>> Alexis/Dan et all,
>>> I appreciate the work it is to grow this foundation and ensure it lands
>>> in a healthy place, it's no small feat!
>>>
>>> With the popularity of CNCF, it's 'endorsement' to projects is a huge
>>> success factor.
>>>
>>> And while I know we are current revamping definitions to provide better
>>> understanding of the stages of a project, I think many in the community are
>>> concerned that outside of this, perception is reality. Honestly, if I am a
>>> potential customer and looking at a project, just having it listed (with a
>>> bunch of other projects at different levels) on the CNCF website probably
>>> instills a certain amount of confidence in the project.
>>>
>>> The criteria between inception to graduation is well documented and
>>> understood by the TOC, but outside of that, I am not sure.
>>> Many times it's been brought of that for instance, "community support is
>>> not sufficient for xyz project". We have agreed this is not a strict
>>> requirement of inception, however those active in the Open Source community
>>> see this as criteria zero.
>>>
>>> Also, do we have a good way of tracking technical concerns brought
>>> forward from the DD to the next phase? Have we considered creating and
>>> publishing a concrete timeline around each of these phases and what the plan
>>> is if projects don't meet these guidelines? I feel that many people are
>>> trying to provide good due diligence while also balancing their day jobs, so
>>> things are also getting possibly missed because the dates aren't well
>>> defined. (I know I've mentioned this to Chris so sorry to feel like a broken
>>> record here).
>>>
>>> Would love to hear other's thoughts around this.
>>> Thanks,
>>> Erin
>>>
>>>
>>>
>>> On Mon, Feb 5, 2018 at 9:20 AM, alexis richardson <alexis@...>
>>> wrote:
>>>>
>>>> Jess
>>>>
>>>> That's really one for Dan but AIUI the whole website is in the process
>>>> of being nurtured into an optimal state for 2018 ....  So all comments
>>>> good & timely, anywhere.
>>>>
>>>> a
>>>>
>>>>
>>>>
>>>> On Mon, Feb 5, 2018 at 4:16 PM, Jessica Frazelle <me@...>
>>>> wrote:
>>>> > Quick question: what are the platinum members, the ones who paid the
>>>> > 300k?
>>>> >
>>>> > Do they need to be on the same slide / materials as the projects? Is
>>>> > that written into a contract or something? Also I'm more than happy to
>>>> > ask this on the call :)
>>>> >
>>>> > On Mon, Feb 5, 2018 at 11:14 AM, alexis richardson
>>>> > <alexis@...> wrote:
>>>> >> thanks Dan & team
>>>> >>
>>>> >> @all TOC community, please do comment to Dan directly or on
>>>> >> tomorrow's TOC call
>>>> >>
>>>> >>
>>>> >> On Mon, Feb 5, 2018 at 4:08 PM, Dan Kohn <dan@...>
>>>> >> wrote:
>>>> >>> We'll be discussing maturity levels on the TOC call. This is just a
>>>> >>> quick
>>>> >>> note that at the TOC's request, we revised CNCF marketing materials
>>>> >>> to
>>>> >>> clearly separate Incubating and Inception projects:
>>>> >>>
>>>> >>> https://www.cncf.io/
>>>> >>> https://www.cncf.io/projects/
>>>> >>>
>>>> >>> https://docs.google.com/presentation/d/1BoxFeENJcINgHbKfygXpXROchiRO2LBT-pzdaOFr4Zg/edit#slide=id.g2c13d20ecb_1_0
>>>> >>>
>>>> >>> We will obviously add a more prominent graduated section as soon as
>>>> >>> the
>>>> >>> first projects graduate. The same project separation will carry over
>>>> >>> to our
>>>> >>> marketing materials for KubeCon + CloudNativeCon.
>>>> >>> --
>>>> >>> Dan Kohn <dan@...>
>>>> >>> Executive Director, Cloud Native Computing Foundation
>>>> >>> https://www.cncf.io
>>>> >>> +1-415-233-1000 https://www.dankohn.com
>>>> >>>
>>>> >>
>>>> >>
>>>> >>
>>>> >
>>>> >
>>>> >
>>>> > --
>>>> >
>>>> >
>>>> > Jessie Frazelle
>>>> > 4096R / D4C4 DD60 0D66 F65A 8EFC  511E 18F3 685C 0022 BFF3
>>>> > pgp.mit.edu
>>>> >
>>>> >
>>>> >
>>>>
>>>>
>>>>
>>>
>
>





Re: Agenda for TOC tomorrow

Bryan Cantrill <bryan@...>
 

With my apologies, I am in Korea this week and won't be able to attend -- though if I find myself awake at that hour, I reserve the right to dial in. ;)

        - Bryan


On Feb 6, 2018 12:25 AM, "alexis richardson" <alexis@...> wrote:
Draft slides

https://docs.google.com/presentation/d/1jRS8QTalE6ct-yShLS9h3d6qDRQj16YjS04No9b3-XE/edit?ts=5a783a4d#slide=id.g25ca91f87f_0_0





On Tue, Jan 30, 2018 at 2:17 PM, John Belamaric <jbelamaric@...> wrote:
> Thanks. I have a couple slides in the deck already, I may update them a bit
> before the meeting.
>
>
> On Jan 30, 2018, at 9:16 AM, alexis richardson <alexis@...> wrote:
>
> John, yes, we can definitely cover that.
>
>
> On Tue, Jan 30, 2018 at 2:11 PM, John Belamaric <jbelamaric@...>
> wrote:
>
> Hi Alexis,
>
> We planned to have the annual inception review for CoreDNS at the Feb 6
> meeting. Is there still space on the agenda for that?
>
> Thanks,
> John
>
>
> On Jan 29, 2018, at 4:53 AM, alexis richardson <alexis@...> wrote:
>
> Hi everyone
>
> Thank-you for a very well attended and productive TOC call on Jan
> 16th.  The next call is on Feb 6th, in eight days time.  This is a
> call for Agenda items from the TOC community.  I propose the following
> rough draft agenda for Feb - shown below.  If someone proposes
> something more important or pressing, that will get tabled.
>
> alexis
>
>
>
> Feb 6
>
> Theme: Project Status
>
> Tiering:
> * Graduation reviews: timeline to completion
> * Inception to Incubation reviews: ditto
> * Discuss project tiers:
> - do we want to tweak criteria for entry / promotion
>   Inception > Incubation > Graduation
>   Attic
> - Mature/Stable, slower moving projects
>   CNCF Github Org?
> - do we need a Sandbox?
>   idea here is for all CNCF projects to share one sandbox
>   for super-early stage experiments that otherwise have
>   gone into K8s incubator
> - Sandbox == Inception?
> - Sandbox is a CNCF Github Org?
>
> Health:
> * Reviews & healthchecks
> what / when / how?
> * Service desk
> what else is needed here?
> * Project TLC WG?
> RFC / Volunteers
>
> Feb 20
>
> Theme: Working Groups
>
> * Purpose
> * Scope / Authority
> * Status / Progress
> * Exit Criteria
>
>
>
>
>
>
>
>
>
>




Re: Incubating and Inception levels in marketing materials

alexis richardson
 

Erin

Please could you be specific? Do you think Inception and/or
Incubation should require Maintainers from more companies? I am not
promising changes, but *now* is the time to table and debate this. If
people have concerns, please invite them to voice them here or have a
sponsor do so on their behalf.

alexis

On Mon, Feb 5, 2018 at 8:24 PM, Erin Boyd <eboyd@...> wrote:
Hi Alexis,
It's not a question, but just an observation of voiced 'concern' I see on
many of the inception level requests, where the feedback is "where is the
community support beyond company A", etc.

So redefining our "what is means to be Cloud Native" and including Open
Source as part of this primary driving directive, it seems counter-intuitive
to accept projects, even at an inception level if they don't strong
community support.

Thoughts?
Erin



On Mon, Feb 5, 2018 at 12:06 PM, alexis richardson <alexis@...>
wrote:

Erin

Thank you.

What is your question about community support?

Alexis


On Mon, 5 Feb 2018, 19:02 Erin Boyd, <eboyd@...> wrote:

Alexis/Dan et all,
I appreciate the work it is to grow this foundation and ensure it lands
in a healthy place, it's no small feat!

With the popularity of CNCF, it's 'endorsement' to projects is a huge
success factor.

And while I know we are current revamping definitions to provide better
understanding of the stages of a project, I think many in the community are
concerned that outside of this, perception is reality. Honestly, if I am a
potential customer and looking at a project, just having it listed (with a
bunch of other projects at different levels) on the CNCF website probably
instills a certain amount of confidence in the project.

The criteria between inception to graduation is well documented and
understood by the TOC, but outside of that, I am not sure.
Many times it's been brought of that for instance, "community support is
not sufficient for xyz project". We have agreed this is not a strict
requirement of inception, however those active in the Open Source community
see this as criteria zero.

Also, do we have a good way of tracking technical concerns brought
forward from the DD to the next phase? Have we considered creating and
publishing a concrete timeline around each of these phases and what the plan
is if projects don't meet these guidelines? I feel that many people are
trying to provide good due diligence while also balancing their day jobs, so
things are also getting possibly missed because the dates aren't well
defined. (I know I've mentioned this to Chris so sorry to feel like a broken
record here).

Would love to hear other's thoughts around this.
Thanks,
Erin



On Mon, Feb 5, 2018 at 9:20 AM, alexis richardson <alexis@...>
wrote:

Jess

That's really one for Dan but AIUI the whole website is in the process
of being nurtured into an optimal state for 2018 .... So all comments
good & timely, anywhere.

a



On Mon, Feb 5, 2018 at 4:16 PM, Jessica Frazelle <me@...>
wrote:
Quick question: what are the platinum members, the ones who paid the
300k?

Do they need to be on the same slide / materials as the projects? Is
that written into a contract or something? Also I'm more than happy to
ask this on the call :)

On Mon, Feb 5, 2018 at 11:14 AM, alexis richardson
<alexis@...> wrote:
thanks Dan & team

@all TOC community, please do comment to Dan directly or on
tomorrow's TOC call


On Mon, Feb 5, 2018 at 4:08 PM, Dan Kohn <dan@...>
wrote:
We'll be discussing maturity levels on the TOC call. This is just a
quick
note that at the TOC's request, we revised CNCF marketing materials
to
clearly separate Incubating and Inception projects:

https://www.cncf.io/
https://www.cncf.io/projects/

https://docs.google.com/presentation/d/1BoxFeENJcINgHbKfygXpXROchiRO2LBT-pzdaOFr4Zg/edit#slide=id.g2c13d20ecb_1_0

We will obviously add a more prominent graduated section as soon as
the
first projects graduate. The same project separation will carry over
to our
marketing materials for KubeCon + CloudNativeCon.
--
Dan Kohn <dan@...>
Executive Director, Cloud Native Computing Foundation
https://www.cncf.io
+1-415-233-1000 https://www.dankohn.com



--


Jessie Frazelle
4096R / D4C4 DD60 0D66 F65A 8EFC 511E 18F3 685C 0022 BFF3
pgp.mit.edu




Re: Incubating and Inception levels in marketing materials

alexis richardson
 

Camille, I agree, indeed we may wish to be more definitive even

On Mon, Feb 5, 2018 at 8:24 PM, Camille Fournier <skamille@...> wrote:
The way that Apache separates out its "incubator" projects from full
projects is that incubation projects are not listed in the main list of
Apache projects, but rather on the incubator.apache.org subsite. It might be
worth examining an approach like that to make clear the distinction.

C

On Mon, Feb 5, 2018 at 2:06 PM, alexis richardson <alexis@...>
wrote:

Erin

Thank you.

What is your question about community support?

Alexis


On Mon, 5 Feb 2018, 19:02 Erin Boyd, <eboyd@...> wrote:

Alexis/Dan et all,
I appreciate the work it is to grow this foundation and ensure it lands
in a healthy place, it's no small feat!

With the popularity of CNCF, it's 'endorsement' to projects is a huge
success factor.

And while I know we are current revamping definitions to provide better
understanding of the stages of a project, I think many in the community are
concerned that outside of this, perception is reality. Honestly, if I am a
potential customer and looking at a project, just having it listed (with a
bunch of other projects at different levels) on the CNCF website probably
instills a certain amount of confidence in the project.

The criteria between inception to graduation is well documented and
understood by the TOC, but outside of that, I am not sure.
Many times it's been brought of that for instance, "community support is
not sufficient for xyz project". We have agreed this is not a strict
requirement of inception, however those active in the Open Source community
see this as criteria zero.

Also, do we have a good way of tracking technical concerns brought
forward from the DD to the next phase? Have we considered creating and
publishing a concrete timeline around each of these phases and what the plan
is if projects don't meet these guidelines? I feel that many people are
trying to provide good due diligence while also balancing their day jobs, so
things are also getting possibly missed because the dates aren't well
defined. (I know I've mentioned this to Chris so sorry to feel like a broken
record here).

Would love to hear other's thoughts around this.
Thanks,
Erin



On Mon, Feb 5, 2018 at 9:20 AM, alexis richardson <alexis@...>
wrote:

Jess

That's really one for Dan but AIUI the whole website is in the process
of being nurtured into an optimal state for 2018 .... So all comments
good & timely, anywhere.

a



On Mon, Feb 5, 2018 at 4:16 PM, Jessica Frazelle <me@...>
wrote:
Quick question: what are the platinum members, the ones who paid the
300k?

Do they need to be on the same slide / materials as the projects? Is
that written into a contract or something? Also I'm more than happy to
ask this on the call :)

On Mon, Feb 5, 2018 at 11:14 AM, alexis richardson
<alexis@...> wrote:
thanks Dan & team

@all TOC community, please do comment to Dan directly or on
tomorrow's TOC call


On Mon, Feb 5, 2018 at 4:08 PM, Dan Kohn <dan@...>
wrote:
We'll be discussing maturity levels on the TOC call. This is just a
quick
note that at the TOC's request, we revised CNCF marketing materials
to
clearly separate Incubating and Inception projects:

https://www.cncf.io/
https://www.cncf.io/projects/

https://docs.google.com/presentation/d/1BoxFeENJcINgHbKfygXpXROchiRO2LBT-pzdaOFr4Zg/edit#slide=id.g2c13d20ecb_1_0

We will obviously add a more prominent graduated section as soon as
the
first projects graduate. The same project separation will carry over
to our
marketing materials for KubeCon + CloudNativeCon.
--
Dan Kohn <dan@...>
Executive Director, Cloud Native Computing Foundation
https://www.cncf.io
+1-415-233-1000 https://www.dankohn.com



--


Jessie Frazelle
4096R / D4C4 DD60 0D66 F65A 8EFC 511E 18F3 685C 0022 BFF3
pgp.mit.edu




Re: Incubating and Inception levels in marketing materials

Camille Fournier
 

The way that Apache separates out its "incubator" projects from full projects is that incubation projects are not listed in the main list of Apache projects, but rather on the incubator.apache.org subsite. It might be worth examining an approach like that to make clear the distinction.

C

On Mon, Feb 5, 2018 at 2:06 PM, alexis richardson <alexis@...> wrote:
Erin

Thank you. 

What is your question about community support?

Alexis


On Mon, 5 Feb 2018, 19:02 Erin Boyd, <eboyd@...> wrote:
Alexis/Dan et all,
I appreciate the work it is to grow this foundation and ensure it lands in a healthy place, it's no small feat!

With the popularity of CNCF, it's 'endorsement' to projects is a huge success factor.

And while I know we are current revamping definitions to provide better understanding of the stages of a project, I think many in the community are concerned that outside of this, perception is reality. Honestly, if I am a potential customer and looking at a project, just having it listed (with a bunch of other projects at different levels) on the CNCF website probably instills a certain amount of confidence in the project.

The criteria between inception to graduation is well documented and understood by the TOC, but outside of that, I am not sure.
Many times it's been brought of that for instance, "community support is not sufficient for xyz project". We have agreed this is not a strict requirement of inception, however those active in the Open Source community see this as criteria zero.

Also, do we have a good way of tracking technical concerns brought forward from the DD to the next phase? Have we considered creating and publishing a concrete timeline around each of these phases and what the plan is if projects don't meet these guidelines? I feel that many people are trying to provide good due diligence while also balancing their day jobs, so things are also getting possibly missed because the dates aren't well defined. (I know I've mentioned this to Chris so sorry to feel like a broken record here).

Would love to hear other's thoughts around this.
Thanks,
Erin
 


On Mon, Feb 5, 2018 at 9:20 AM, alexis richardson <alexis@...> wrote:
Jess

That's really one for Dan but AIUI the whole website is in the process
of being nurtured into an optimal state for 2018 ....  So all comments
good & timely, anywhere.

a



On Mon, Feb 5, 2018 at 4:16 PM, Jessica Frazelle <me@...> wrote:
> Quick question: what are the platinum members, the ones who paid the 300k?
>
> Do they need to be on the same slide / materials as the projects? Is
> that written into a contract or something? Also I'm more than happy to
> ask this on the call :)
>
> On Mon, Feb 5, 2018 at 11:14 AM, alexis richardson <alexis@...> wrote:
>> thanks Dan & team
>>
>> @all TOC community, please do comment to Dan directly or on tomorrow's TOC call
>>
>>
>> On Mon, Feb 5, 2018 at 4:08 PM, Dan Kohn <dan@...> wrote:
>>> We'll be discussing maturity levels on the TOC call. This is just a quick
>>> note that at the TOC's request, we revised CNCF marketing materials to
>>> clearly separate Incubating and Inception projects:
>>>
>>> https://www.cncf.io/
>>> https://www.cncf.io/projects/
>>> https://docs.google.com/presentation/d/1BoxFeENJcINgHbKfygXpXROchiRO2LBT-pzdaOFr4Zg/edit#slide=id.g2c13d20ecb_1_0
>>>
>>> We will obviously add a more prominent graduated section as soon as the
>>> first projects graduate. The same project separation will carry over to our
>>> marketing materials for KubeCon + CloudNativeCon.
>>> --
>>> Dan Kohn <dan@...>
>>> Executive Director, Cloud Native Computing Foundation https://www.cncf.io
>>> +1-415-233-1000 https://www.dankohn.com
>>>
>>
>>
>>
>
>
>
> --
>
>
> Jessie Frazelle
> 4096R / D4C4 DD60 0D66 F65A 8EFC  511E 18F3 685C 0022 BFF3
> pgp.mit.edu
>
>
>






Re: Incubating and Inception levels in marketing materials

Erin Boyd
 

Hi Alexis,
It's not a question, but just an observation of voiced 'concern' I see on many of the inception level requests, where the feedback is "where is the community support beyond company A", etc.

So redefining our "what is means to be Cloud Native" and including Open Source as part of this primary driving directive, it seems counter-intuitive to accept projects, even at an inception level if they don't strong community support.

Thoughts?
Erin



On Mon, Feb 5, 2018 at 12:06 PM, alexis richardson <alexis@...> wrote:
Erin

Thank you. 

What is your question about community support?

Alexis


On Mon, 5 Feb 2018, 19:02 Erin Boyd, <eboyd@...> wrote:
Alexis/Dan et all,
I appreciate the work it is to grow this foundation and ensure it lands in a healthy place, it's no small feat!

With the popularity of CNCF, it's 'endorsement' to projects is a huge success factor.

And while I know we are current revamping definitions to provide better understanding of the stages of a project, I think many in the community are concerned that outside of this, perception is reality. Honestly, if I am a potential customer and looking at a project, just having it listed (with a bunch of other projects at different levels) on the CNCF website probably instills a certain amount of confidence in the project.

The criteria between inception to graduation is well documented and understood by the TOC, but outside of that, I am not sure.
Many times it's been brought of that for instance, "community support is not sufficient for xyz project". We have agreed this is not a strict requirement of inception, however those active in the Open Source community see this as criteria zero.

Also, do we have a good way of tracking technical concerns brought forward from the DD to the next phase? Have we considered creating and publishing a concrete timeline around each of these phases and what the plan is if projects don't meet these guidelines? I feel that many people are trying to provide good due diligence while also balancing their day jobs, so things are also getting possibly missed because the dates aren't well defined. (I know I've mentioned this to Chris so sorry to feel like a broken record here).

Would love to hear other's thoughts around this.
Thanks,
Erin
 


On Mon, Feb 5, 2018 at 9:20 AM, alexis richardson <alexis@...> wrote:
Jess

That's really one for Dan but AIUI the whole website is in the process
of being nurtured into an optimal state for 2018 ....  So all comments
good & timely, anywhere.

a



On Mon, Feb 5, 2018 at 4:16 PM, Jessica Frazelle <me@...> wrote:
> Quick question: what are the platinum members, the ones who paid the 300k?
>
> Do they need to be on the same slide / materials as the projects? Is
> that written into a contract or something? Also I'm more than happy to
> ask this on the call :)
>
> On Mon, Feb 5, 2018 at 11:14 AM, alexis richardson <alexis@...> wrote:
>> thanks Dan & team
>>
>> @all TOC community, please do comment to Dan directly or on tomorrow's TOC call
>>
>>
>> On Mon, Feb 5, 2018 at 4:08 PM, Dan Kohn <dan@...> wrote:
>>> We'll be discussing maturity levels on the TOC call. This is just a quick
>>> note that at the TOC's request, we revised CNCF marketing materials to
>>> clearly separate Incubating and Inception projects:
>>>
>>> https://www.cncf.io/
>>> https://www.cncf.io/projects/
>>> https://docs.google.com/presentation/d/1BoxFeENJcINgHbKfygXpXROchiRO2LBT-pzdaOFr4Zg/edit#slide=id.g2c13d20ecb_1_0
>>>
>>> We will obviously add a more prominent graduated section as soon as the
>>> first projects graduate. The same project separation will carry over to our
>>> marketing materials for KubeCon + CloudNativeCon.
>>> --
>>> Dan Kohn <dan@...>
>>> Executive Director, Cloud Native Computing Foundation https://www.cncf.io
>>> +1-415-233-1000 https://www.dankohn.com
>>>
>>
>>
>>
>
>
>
> --
>
>
> Jessie Frazelle
> 4096R / D4C4 DD60 0D66 F65A 8EFC  511E 18F3 685C 0022 BFF3
> pgp.mit.edu
>
>
>






Re: Incubating and Inception levels in marketing materials

alexis richardson
 

Erin

Thank you. 

What is your question about community support?

Alexis


On Mon, 5 Feb 2018, 19:02 Erin Boyd, <eboyd@...> wrote:
Alexis/Dan et all,
I appreciate the work it is to grow this foundation and ensure it lands in a healthy place, it's no small feat!

With the popularity of CNCF, it's 'endorsement' to projects is a huge success factor.

And while I know we are current revamping definitions to provide better understanding of the stages of a project, I think many in the community are concerned that outside of this, perception is reality. Honestly, if I am a potential customer and looking at a project, just having it listed (with a bunch of other projects at different levels) on the CNCF website probably instills a certain amount of confidence in the project.

The criteria between inception to graduation is well documented and understood by the TOC, but outside of that, I am not sure.
Many times it's been brought of that for instance, "community support is not sufficient for xyz project". We have agreed this is not a strict requirement of inception, however those active in the Open Source community see this as criteria zero.

Also, do we have a good way of tracking technical concerns brought forward from the DD to the next phase? Have we considered creating and publishing a concrete timeline around each of these phases and what the plan is if projects don't meet these guidelines? I feel that many people are trying to provide good due diligence while also balancing their day jobs, so things are also getting possibly missed because the dates aren't well defined. (I know I've mentioned this to Chris so sorry to feel like a broken record here).

Would love to hear other's thoughts around this.
Thanks,
Erin
 


On Mon, Feb 5, 2018 at 9:20 AM, alexis richardson <alexis@...> wrote:
Jess

That's really one for Dan but AIUI the whole website is in the process
of being nurtured into an optimal state for 2018 ....  So all comments
good & timely, anywhere.

a



On Mon, Feb 5, 2018 at 4:16 PM, Jessica Frazelle <me@...> wrote:
> Quick question: what are the platinum members, the ones who paid the 300k?
>
> Do they need to be on the same slide / materials as the projects? Is
> that written into a contract or something? Also I'm more than happy to
> ask this on the call :)
>
> On Mon, Feb 5, 2018 at 11:14 AM, alexis richardson <alexis@...> wrote:
>> thanks Dan & team
>>
>> @all TOC community, please do comment to Dan directly or on tomorrow's TOC call
>>
>>
>> On Mon, Feb 5, 2018 at 4:08 PM, Dan Kohn <dan@...> wrote:
>>> We'll be discussing maturity levels on the TOC call. This is just a quick
>>> note that at the TOC's request, we revised CNCF marketing materials to
>>> clearly separate Incubating and Inception projects:
>>>
>>> https://www.cncf.io/
>>> https://www.cncf.io/projects/
>>> https://docs.google.com/presentation/d/1BoxFeENJcINgHbKfygXpXROchiRO2LBT-pzdaOFr4Zg/edit#slide=id.g2c13d20ecb_1_0
>>>
>>> We will obviously add a more prominent graduated section as soon as the
>>> first projects graduate. The same project separation will carry over to our
>>> marketing materials for KubeCon + CloudNativeCon.
>>> --
>>> Dan Kohn <dan@...>
>>> Executive Director, Cloud Native Computing Foundation https://www.cncf.io
>>> +1-415-233-1000 https://www.dankohn.com
>>>
>>
>>
>>
>
>
>
> --
>
>
> Jessie Frazelle
> 4096R / D4C4 DD60 0D66 F65A 8EFC  511E 18F3 685C 0022 BFF3
> pgp.mit.edu
>
>
>





Re: Incubating and Inception levels in marketing materials

Erin Boyd
 

Alexis/Dan et all,
I appreciate the work it is to grow this foundation and ensure it lands in a healthy place, it's no small feat!

With the popularity of CNCF, it's 'endorsement' to projects is a huge success factor.

And while I know we are current revamping definitions to provide better understanding of the stages of a project, I think many in the community are concerned that outside of this, perception is reality. Honestly, if I am a potential customer and looking at a project, just having it listed (with a bunch of other projects at different levels) on the CNCF website probably instills a certain amount of confidence in the project.

The criteria between inception to graduation is well documented and understood by the TOC, but outside of that, I am not sure.
Many times it's been brought of that for instance, "community support is not sufficient for xyz project". We have agreed this is not a strict requirement of inception, however those active in the Open Source community see this as criteria zero.

Also, do we have a good way of tracking technical concerns brought forward from the DD to the next phase? Have we considered creating and publishing a concrete timeline around each of these phases and what the plan is if projects don't meet these guidelines? I feel that many people are trying to provide good due diligence while also balancing their day jobs, so things are also getting possibly missed because the dates aren't well defined. (I know I've mentioned this to Chris so sorry to feel like a broken record here).

Would love to hear other's thoughts around this.
Thanks,
Erin
 


On Mon, Feb 5, 2018 at 9:20 AM, alexis richardson <alexis@...> wrote:
Jess

That's really one for Dan but AIUI the whole website is in the process
of being nurtured into an optimal state for 2018 ....  So all comments
good & timely, anywhere.

a



On Mon, Feb 5, 2018 at 4:16 PM, Jessica Frazelle <me@...> wrote:
> Quick question: what are the platinum members, the ones who paid the 300k?
>
> Do they need to be on the same slide / materials as the projects? Is
> that written into a contract or something? Also I'm more than happy to
> ask this on the call :)
>
> On Mon, Feb 5, 2018 at 11:14 AM, alexis richardson <alexis@...> wrote:
>> thanks Dan & team
>>
>> @all TOC community, please do comment to Dan directly or on tomorrow's TOC call
>>
>>
>> On Mon, Feb 5, 2018 at 4:08 PM, Dan Kohn <dan@...> wrote:
>>> We'll be discussing maturity levels on the TOC call. This is just a quick
>>> note that at the TOC's request, we revised CNCF marketing materials to
>>> clearly separate Incubating and Inception projects:
>>>
>>> https://www.cncf.io/
>>> https://www.cncf.io/projects/
>>> https://docs.google.com/presentation/d/1BoxFeENJcINgHbKfygXpXROchiRO2LBT-pzdaOFr4Zg/edit#slide=id.g2c13d20ecb_1_0
>>>
>>> We will obviously add a more prominent graduated section as soon as the
>>> first projects graduate. The same project separation will carry over to our
>>> marketing materials for KubeCon + CloudNativeCon.
>>> --
>>> Dan Kohn <dan@...>
>>> Executive Director, Cloud Native Computing Foundation https://www.cncf.io
>>> +1-415-233-1000 https://www.dankohn.com
>>>
>>
>>
>>
>
>
>
> --
>
>
> Jessie Frazelle
> 4096R / D4C4 DD60 0D66 F65A 8EFC  511E 18F3 685C 0022 BFF3
> pgp.mit.edu
>
>
>





Re: Incubating and Inception levels in marketing materials

Dan Kohn <dan@...>
 

On Mon, Feb 5, 2018 at 11:16 AM, Jessica Frazelle <me@...> wrote:
Quick question: what are the platinum members, the ones who paid the 300k?

Yes, platinum members are the ones backing CNCF at the highest level. Our membership fees: https://www.cncf.io/about/join/
 
Do they need to be on the same slide / materials as the projects? Is
that written into a contract or something? Also I'm more than happy to
ask this on the call :)

Nope, there's no such contract. However, this is intended to be a one-slide summary of CNCF, it's projects and it's main backers. When I meet with prospective end users, members, project contributors, developers, etc. those are regularly their first questions.
--
Dan Kohn <dan@...>
Executive Director, Cloud Native Computing Foundation https://www.cncf.io


Re: [RESULT] Vitess project proposal ACCEPTED (incubation)

alexis richardson
 

Can I have Camille's second vote?

+1 binding


On Mon, Feb 5, 2018 at 4:21 PM, Chris Aniszczyk
<caniszczyk@...> wrote:
Hey everyone, I'm happy to announce that Vitess has been accepted into CNCF
as an INCUBATION level project (sponsored by Brian Grant):
https://github.com/cncf/toc/pull/57

+1 TOC binding votes (8 / 9):
- Sam Lambert: https://lists.cncf.io/g/cncf-toc/message/1488
- Ben Hindman: https://lists.cncf.io/g/cncf-toc/message/1491
- Camille Fournier: https://lists.cncf.io/g/cncf-toc/message/1512
- Brian Grant: https://lists.cncf.io/g/cncf-toc/message/1517
- Bryan Cantrill: https://lists.cncf.io/g/cncf-toc/message/1523
- Ken Owens: https://lists.cncf.io/g/cncf-toc/message/1535
- Jon Boulle: https://lists.cncf.io/g/cncf-toc/message/1549
- Camille Fournier: https://lists.cncf.io/g/cncf-toc/message/1558

+1 non-binding community votes:
- Richard Li: https://lists.cncf.io/g/cncf-toc/message/1487
- Nick Chase: https://lists.cncf.io/g/cncf-toc/message/1489
- Bassam Tabbara: https://lists.cncf.io/g/cncf-toc/message/1490
- Jitendra Vaidya: https://lists.cncf.io/g/cncf-toc/message/1493
- Hedieh Yaghami: https://lists.cncf.io/g/cncf-toc/message/1494
- Guido Iaquinti: https://lists.cncf.io/g/cncf-toc/message/1495
- Deepak Vij: https://lists.cncf.io/g/cncf-toc/message/1496
- Sugu Sougoumarane: https://lists.cncf.io/g/cncf-toc/message/1497
- Robert Navarro: https://lists.cncf.io/g/cncf-toc/message/1498
- Anthony Yeh: https://lists.cncf.io/g/cncf-toc/message/1499
- Bryan Beaudreault: https://lists.cncf.io/g/cncf-toc/message/1500
- Amit Khare: https://lists.cncf.io/g/cncf-toc/message/1501
- Michael Demmer: https://lists.cncf.io/g/cncf-toc/message/1502
- acharis@...: https://lists.cncf.io/g/cncf-toc/message/1503
- jscheinblum@...: https://lists.cncf.io/g/cncf-toc/message/1504
- Ameet Kotian: https://lists.cncf.io/g/cncf-toc/message/1505
- Rafael Chacon: https://lists.cncf.io/g/cncf-toc/message/1506
- Derek Perkins: https://lists.cncf.io/g/cncf-toc/message/1507
- hmcgonigal@...: https://lists.cncf.io/g/cncf-toc/message/1508
- Maggie Zhou: https://lists.cncf.io/g/cncf-toc/message/1509
- Jon Tirsen: https://lists.cncf.io/g/cncf-toc/message/1510
- Ashudeep Sharma: https://lists.cncf.io/g/cncf-toc/message/1511
- Tony Shu: https://lists.cncf.io/g/cncf-toc/message/1513
- Michael Pawliszyn : https://lists.cncf.io/g/cncf-toc/message/1514
- Nathan Xu: https://lists.cncf.io/g/cncf-toc/message/1515
- Chakri Nelluri: https://lists.cncf.io/g/cncf-toc/message/1518
- Xie Jinke: https://lists.cncf.io/g/cncf-toc/message/1519
- Shlomi Noach: https://lists.cncf.io/g/cncf-toc/message/1520
- Quinton Hoole: https://lists.cncf.io/g/cncf-toc/message/1531
- Mark Peek: https://lists.cncf.io/g/cncf-toc/message/1550
- JungHyun Kim: https://lists.cncf.io/g/cncf-toc/message/1551
- Joseph Jacks: https://lists.cncf.io/g/cncf-toc/message/1572

We'll be working with the Vitess community over the next few weeks to
welcome them to the CNCF project family and move over to
https://github.com/vitessio

Thanks again to everyone who voted and participated in the due diligence
process:
https://github.com/cncf/toc/blob/master/process/due-diligence-guidelines.md

Finally, please welcome the Vitess community!

--
Chris Aniszczyk (@cra) | +1-512-961-6719


Re: [RESULT] Vitess project proposal ACCEPTED (incubation)

alexis richardson
 

Can I have Camille's second vote?

+1 binding


On Mon, Feb 5, 2018 at 4:21 PM, Chris Aniszczyk
<caniszczyk@...> wrote:
Hey everyone, I'm happy to announce that Vitess has been accepted into CNCF
as an INCUBATION level project (sponsored by Brian Grant):
https://github.com/cncf/toc/pull/57

+1 TOC binding votes (8 / 9):
- Sam Lambert: https://lists.cncf.io/g/cncf-toc/message/1488
- Ben Hindman: https://lists.cncf.io/g/cncf-toc/message/1491
- Camille Fournier: https://lists.cncf.io/g/cncf-toc/message/1512
- Brian Grant: https://lists.cncf.io/g/cncf-toc/message/1517
- Bryan Cantrill: https://lists.cncf.io/g/cncf-toc/message/1523
- Ken Owens: https://lists.cncf.io/g/cncf-toc/message/1535
- Jon Boulle: https://lists.cncf.io/g/cncf-toc/message/1549
- Camille Fournier: https://lists.cncf.io/g/cncf-toc/message/1558

+1 non-binding community votes:
- Richard Li: https://lists.cncf.io/g/cncf-toc/message/1487
- Nick Chase: https://lists.cncf.io/g/cncf-toc/message/1489
- Bassam Tabbara: https://lists.cncf.io/g/cncf-toc/message/1490
- Jitendra Vaidya: https://lists.cncf.io/g/cncf-toc/message/1493
- Hedieh Yaghami: https://lists.cncf.io/g/cncf-toc/message/1494
- Guido Iaquinti: https://lists.cncf.io/g/cncf-toc/message/1495
- Deepak Vij: https://lists.cncf.io/g/cncf-toc/message/1496
- Sugu Sougoumarane: https://lists.cncf.io/g/cncf-toc/message/1497
- Robert Navarro: https://lists.cncf.io/g/cncf-toc/message/1498
- Anthony Yeh: https://lists.cncf.io/g/cncf-toc/message/1499
- Bryan Beaudreault: https://lists.cncf.io/g/cncf-toc/message/1500
- Amit Khare: https://lists.cncf.io/g/cncf-toc/message/1501
- Michael Demmer: https://lists.cncf.io/g/cncf-toc/message/1502
- acharis@...: https://lists.cncf.io/g/cncf-toc/message/1503
- jscheinblum@...: https://lists.cncf.io/g/cncf-toc/message/1504
- Ameet Kotian: https://lists.cncf.io/g/cncf-toc/message/1505
- Rafael Chacon: https://lists.cncf.io/g/cncf-toc/message/1506
- Derek Perkins: https://lists.cncf.io/g/cncf-toc/message/1507
- hmcgonigal@...: https://lists.cncf.io/g/cncf-toc/message/1508
- Maggie Zhou: https://lists.cncf.io/g/cncf-toc/message/1509
- Jon Tirsen: https://lists.cncf.io/g/cncf-toc/message/1510
- Ashudeep Sharma: https://lists.cncf.io/g/cncf-toc/message/1511
- Tony Shu: https://lists.cncf.io/g/cncf-toc/message/1513
- Michael Pawliszyn : https://lists.cncf.io/g/cncf-toc/message/1514
- Nathan Xu: https://lists.cncf.io/g/cncf-toc/message/1515
- Chakri Nelluri: https://lists.cncf.io/g/cncf-toc/message/1518
- Xie Jinke: https://lists.cncf.io/g/cncf-toc/message/1519
- Shlomi Noach: https://lists.cncf.io/g/cncf-toc/message/1520
- Quinton Hoole: https://lists.cncf.io/g/cncf-toc/message/1531
- Mark Peek: https://lists.cncf.io/g/cncf-toc/message/1550
- JungHyun Kim: https://lists.cncf.io/g/cncf-toc/message/1551
- Joseph Jacks: https://lists.cncf.io/g/cncf-toc/message/1572

We'll be working with the Vitess community over the next few weeks to
welcome them to the CNCF project family and move over to
https://github.com/vitessio

Thanks again to everyone who voted and participated in the due diligence
process:
https://github.com/cncf/toc/blob/master/process/due-diligence-guidelines.md

Finally, please welcome the Vitess community!

--
Chris Aniszczyk (@cra) | +1-512-961-6719


[RESULT] Vitess project proposal ACCEPTED (incubation)

Chris Aniszczyk
 

Hey everyone, I'm happy to announce that Vitess has been accepted into CNCF as an INCUBATION level project (sponsored by Brian Grant): https://github.com/cncf/toc/pull/57

+1 TOC binding votes (8 / 9):

+1 non-binding community votes:
- Richard Li: https://lists.cncf.io/g/cncf-toc/message/1487
- Nick Chase: https://lists.cncf.io/g/cncf-toc/message/1489
- Bassam Tabbara: https://lists.cncf.io/g/cncf-toc/message/1490
- Jitendra Vaidya: https://lists.cncf.io/g/cncf-toc/message/1493
- Hedieh Yaghami: https://lists.cncf.io/g/cncf-toc/message/1494
- Guido Iaquinti: https://lists.cncf.io/g/cncf-toc/message/1495
- Deepak Vij: https://lists.cncf.io/g/cncf-toc/message/1496
- Sugu Sougoumarane: https://lists.cncf.io/g/cncf-toc/message/1497
- Robert Navarro: https://lists.cncf.io/g/cncf-toc/message/1498
- Anthony Yeh: https://lists.cncf.io/g/cncf-toc/message/1499
- Bryan Beaudreault: https://lists.cncf.io/g/cncf-toc/message/1500
- Amit Khare: https://lists.cncf.io/g/cncf-toc/message/1501
- Michael Demmer: https://lists.cncf.io/g/cncf-toc/message/1502
- acharis@...: https://lists.cncf.io/g/cncf-toc/message/1503
- jscheinblum@...: https://lists.cncf.io/g/cncf-toc/message/1504
- Ameet Kotian: https://lists.cncf.io/g/cncf-toc/message/1505
- Rafael Chacon: https://lists.cncf.io/g/cncf-toc/message/1506
- Derek Perkins: https://lists.cncf.io/g/cncf-toc/message/1507
- hmcgonigal@...: https://lists.cncf.io/g/cncf-toc/message/1508
- Maggie Zhou: https://lists.cncf.io/g/cncf-toc/message/1509
- Jon Tirsen: https://lists.cncf.io/g/cncf-toc/message/1510
- Ashudeep Sharma: https://lists.cncf.io/g/cncf-toc/message/1511
- Tony Shu: https://lists.cncf.io/g/cncf-toc/message/1513
- Michael Pawliszyn : https://lists.cncf.io/g/cncf-toc/message/1514
- Nathan Xu: https://lists.cncf.io/g/cncf-toc/message/1515
- Chakri Nelluri: https://lists.cncf.io/g/cncf-toc/message/1518
- Xie Jinke: https://lists.cncf.io/g/cncf-toc/message/1519
- Shlomi Noach: https://lists.cncf.io/g/cncf-toc/message/1520
- Quinton Hoole: https://lists.cncf.io/g/cncf-toc/message/1531
- Mark Peek: https://lists.cncf.io/g/cncf-toc/message/1550
- JungHyun Kim: https://lists.cncf.io/g/cncf-toc/message/1551
- Joseph Jacks: https://lists.cncf.io/g/cncf-toc/message/1572

We'll be working with the Vitess community over the next few weeks to welcome them to the CNCF project family and move over to https://github.com/vitessio

Thanks again to everyone who voted and participated in the due diligence process: https://github.com/cncf/toc/blob/master/process/due-diligence-guidelines.md

Finally, please welcome the Vitess community!

--
Chris Aniszczyk (@cra) | +1-512-961-6719


Re: Incubating and Inception levels in marketing materials

alexis richardson
 

Jess

That's really one for Dan but AIUI the whole website is in the process
of being nurtured into an optimal state for 2018 .... So all comments
good & timely, anywhere.

a

On Mon, Feb 5, 2018 at 4:16 PM, Jessica Frazelle <me@...> wrote:
Quick question: what are the platinum members, the ones who paid the 300k?

Do they need to be on the same slide / materials as the projects? Is
that written into a contract or something? Also I'm more than happy to
ask this on the call :)

On Mon, Feb 5, 2018 at 11:14 AM, alexis richardson <alexis@...> wrote:
thanks Dan & team

@all TOC community, please do comment to Dan directly or on tomorrow's TOC call


On Mon, Feb 5, 2018 at 4:08 PM, Dan Kohn <dan@...> wrote:
We'll be discussing maturity levels on the TOC call. This is just a quick
note that at the TOC's request, we revised CNCF marketing materials to
clearly separate Incubating and Inception projects:

https://www.cncf.io/
https://www.cncf.io/projects/
https://docs.google.com/presentation/d/1BoxFeENJcINgHbKfygXpXROchiRO2LBT-pzdaOFr4Zg/edit#slide=id.g2c13d20ecb_1_0

We will obviously add a more prominent graduated section as soon as the
first projects graduate. The same project separation will carry over to our
marketing materials for KubeCon + CloudNativeCon.
--
Dan Kohn <dan@...>
Executive Director, Cloud Native Computing Foundation https://www.cncf.io
+1-415-233-1000 https://www.dankohn.com



--


Jessie Frazelle
4096R / D4C4 DD60 0D66 F65A 8EFC 511E 18F3 685C 0022 BFF3
pgp.mit.edu



Re: Incubating and Inception levels in marketing materials

Jessica Frazelle <me@...>
 

Quick question: what are the platinum members, the ones who paid the 300k?

Do they need to be on the same slide / materials as the projects? Is
that written into a contract or something? Also I'm more than happy to
ask this on the call :)

On Mon, Feb 5, 2018 at 11:14 AM, alexis richardson <alexis@...> wrote:
thanks Dan & team

@all TOC community, please do comment to Dan directly or on tomorrow's TOC call


On Mon, Feb 5, 2018 at 4:08 PM, Dan Kohn <dan@...> wrote:
We'll be discussing maturity levels on the TOC call. This is just a quick
note that at the TOC's request, we revised CNCF marketing materials to
clearly separate Incubating and Inception projects:

https://www.cncf.io/
https://www.cncf.io/projects/
https://docs.google.com/presentation/d/1BoxFeENJcINgHbKfygXpXROchiRO2LBT-pzdaOFr4Zg/edit#slide=id.g2c13d20ecb_1_0

We will obviously add a more prominent graduated section as soon as the
first projects graduate. The same project separation will carry over to our
marketing materials for KubeCon + CloudNativeCon.
--
Dan Kohn <dan@...>
Executive Director, Cloud Native Computing Foundation https://www.cncf.io
+1-415-233-1000 https://www.dankohn.com

--


Jessie Frazelle
4096R / D4C4 DD60 0D66 F65A 8EFC 511E 18F3 685C 0022 BFF3
pgp.mit.edu


Re: Incubating and Inception levels in marketing materials

alexis richardson
 

thanks Dan & team

@all TOC community, please do comment to Dan directly or on tomorrow's TOC call

On Mon, Feb 5, 2018 at 4:08 PM, Dan Kohn <dan@...> wrote:
We'll be discussing maturity levels on the TOC call. This is just a quick
note that at the TOC's request, we revised CNCF marketing materials to
clearly separate Incubating and Inception projects:

https://www.cncf.io/
https://www.cncf.io/projects/
https://docs.google.com/presentation/d/1BoxFeENJcINgHbKfygXpXROchiRO2LBT-pzdaOFr4Zg/edit#slide=id.g2c13d20ecb_1_0

We will obviously add a more prominent graduated section as soon as the
first projects graduate. The same project separation will carry over to our
marketing materials for KubeCon + CloudNativeCon.
--
Dan Kohn <dan@...>
Executive Director, Cloud Native Computing Foundation https://www.cncf.io
+1-415-233-1000 https://www.dankohn.com


Incubating and Inception levels in marketing materials

Dan Kohn <dan@...>
 

We'll be discussing maturity levels on the TOC call. This is just a quick note that at the TOC's request, we revised CNCF marketing materials to clearly separate Incubating and Inception projects:


We will obviously add a more prominent graduated section as soon as the first projects graduate. The same project separation will carry over to our marketing materials for KubeCon + CloudNativeCon.
--
Dan Kohn <dan@...>
Executive Director, Cloud Native Computing Foundation https://www.cncf.io
+1-415-233-1000 https://www.dankohn.com


Agenda for TOC tomorrow

alexis richardson
 

On Tue, Jan 30, 2018 at 2:17 PM, John Belamaric <jbelamaric@...> wrote:
Thanks. I have a couple slides in the deck already, I may update them a bit
before the meeting.


On Jan 30, 2018, at 9:16 AM, alexis richardson <alexis@...> wrote:

John, yes, we can definitely cover that.


On Tue, Jan 30, 2018 at 2:11 PM, John Belamaric <jbelamaric@...>
wrote:

Hi Alexis,

We planned to have the annual inception review for CoreDNS at the Feb 6
meeting. Is there still space on the agenda for that?

Thanks,
John


On Jan 29, 2018, at 4:53 AM, alexis richardson <alexis@...> wrote:

Hi everyone

Thank-you for a very well attended and productive TOC call on Jan
16th. The next call is on Feb 6th, in eight days time. This is a
call for Agenda items from the TOC community. I propose the following
rough draft agenda for Feb - shown below. If someone proposes
something more important or pressing, that will get tabled.

alexis



Feb 6

Theme: Project Status

Tiering:
* Graduation reviews: timeline to completion
* Inception to Incubation reviews: ditto
* Discuss project tiers:
- do we want to tweak criteria for entry / promotion
Inception > Incubation > Graduation
Attic
- Mature/Stable, slower moving projects
CNCF Github Org?
- do we need a Sandbox?
idea here is for all CNCF projects to share one sandbox
for super-early stage experiments that otherwise have
gone into K8s incubator
- Sandbox == Inception?
- Sandbox is a CNCF Github Org?

Health:
* Reviews & healthchecks
what / when / how?
* Service desk
what else is needed here?
* Project TLC WG?
RFC / Volunteers

Feb 20

Theme: Working Groups

* Purpose
* Scope / Authority
* Status / Progress
* Exit Criteria










Re: updating what it means to be "Cloud Native"

Brian Grant
 

On Sun, Feb 4, 2018 at 10:16 PM, Justin Garrison <justinleegarrison@...> wrote:
I feel like "secure" is more along the lines of the end goals, not engineered attributes.

I agree that it's an end goal. I also agree that it's vague and not specific to cloud-native approaches. Even the principle of least privilege dates back to at least the 70s, so I don't think it's particularly helpful as a distinguishing characteristic unless we can further qualify it.
 
I agree it's very important (see chapter 8 of Cloud Native Infrastructure) but many of the ways to make something secure are combinations of other attributes. From my experience the best you can do to secure any infrastructure and application is make the them verifiable (operability + observibility), agile to respond to vulnerabilities, and provisioned with least privilege. No amount of securing would have made you not vulnerable to spectre, heartbleed, or other critical vulnerabilities found in the past few years. Your best hope was if you could audit your systems (verifiable) and have an automated build/deploy pipeline (agile) to patch/replace impacted components. Even if the components were only provisioned with the minimum privileges needed vulnerabilities could still have huge impact and make your systems susceptible to hacking.

The only secure attributes not covered by one of the existing attributes is least privilege access. How that is implemented depends a lot on the application and environment. Kubernetes' RBAC and SPIFFE are examples for how to secure systems but I feel like saying "Cloud Native is least privilege" doesn't clarify anything. Does that mean least privilege for services? How about user accounts? Does that mean I need to enable SElinux/AppArmor? What about VPCs and overlay networks?

Maybe we can think of a way to clarify how to say "least privileged" without being too vague and sticking to engineered attributes and not end goals or product specific implementations.


--
Justin Garrison
justingarrison.com

On Sun, Feb 4, 2018 at 2:15 PM, Michael Gasch <embano1@...> wrote:
Great thread and I totally agree what's been discussed and summarized so far here.
Do you mind incorporating a notion on security in the definitions?

Something like:

  • Secure by design
    • Zero-trust (vs. solely relying on underlying/external components, e.g. firewalls)
    • Incorporating and complying with high encryption standards of data in transit and at rest (especially secrets)
    • Enforcing RBAC, this is including authorization/authentication/accounting primitives
    • Only exposing minimal attack surface (L4-7)
    • The list goes on
?

Btw: I am German and can help thinking about more prescriptive "Attribut- und Zustandsbeschreibungen"  :D




Re: updating what it means to be "Cloud Native"

Justin Garrison <justinleegarrison@...>
 

I feel like "secure" is more along the lines of the end goals, not engineered attributes. I agree it's very important (see chapter 8 of Cloud Native Infrastructure) but many of the ways to make something secure are combinations of other attributes. From my experience the best you can do to secure any infrastructure and application is make the them verifiable (operability + observibility), agile to respond to vulnerabilities, and provisioned with least privilege. No amount of securing would have made you not vulnerable to spectre, heartbleed, or other critical vulnerabilities found in the past few years. Your best hope was if you could audit your systems (verifiable) and have an automated build/deploy pipeline (agile) to patch/replace impacted components. Even if the components were only provisioned with the minimum privileges needed vulnerabilities could still have huge impact and make your systems susceptible to hacking.

The only secure attributes not covered by one of the existing attributes is least privilege access. How that is implemented depends a lot on the application and environment. Kubernetes' RBAC and SPIFFE are examples for how to secure systems but I feel like saying "Cloud Native is least privilege" doesn't clarify anything. Does that mean least privilege for services? How about user accounts? Does that mean I need to enable SElinux/AppArmor? What about VPCs and overlay networks?

Maybe we can think of a way to clarify how to say "least privileged" without being too vague and sticking to engineered attributes and not end goals or product specific implementations.


--
Justin Garrison
justingarrison.com

On Sun, Feb 4, 2018 at 2:15 PM, Michael Gasch <embano1@...> wrote:
Great thread and I totally agree what's been discussed and summarized so far here.
Do you mind incorporating a notion on security in the definitions?

Something like:

  • Secure by design
    • Zero-trust (vs. solely relying on underlying/external components, e.g. firewalls)
    • Incorporating and complying with high encryption standards of data in transit and at rest (especially secrets)
    • Enforcing RBAC, this is including authorization/authentication/accounting primitives
    • Only exposing minimal attack surface (L4-7)
    • The list goes on
?

Btw: I am German and can help thinking about more prescriptive "Attribut- und Zustandsbeschreibungen"  :D


5681 - 5700 of 7339