Re: meet at Re:invent?
Eduardo Silva
FYI: Treasure Data (Fluentd) will be at re:Invent and will host an after-party at Tao Night Club (best club in Las Vegas). TD is extending the invitation to CNCF members. If you are interested in participating, please register yourself at the following link: https://www.eventbrite.com/e/aws-reinvent-tao-after-party-tickets-27396529758
regards,
On Wed, Nov 16, 2016 at 3:31 PM, Mark Brandon via cncf-toc <cncf-toc@...> wrote:
Does anyone have any extra Re/Invent tickets?
Chenxi Wang
Sorry for the mass mailing, but we are looking for a few more Re/Invent tickets if anyone has any to spare. Thanks! Chenxi Wang, Ph.D. Chief Strategy Officer, Twistlock @chenxiwang +1.650.224.7197
Re: meet at Re:invent?
Mark Brandon
The Supergiant/Qbox team will be at re:invent in force.
On November 16, 2016 at 10:41:51 AM, Kenneth Owens (kenowens) via cncf-toc (cncf-toc@...) wrote:
CNCF K8s certification workgroup first meeting in SF 12/8-9 & 12/14-15
Dan Kohn <dan@...>
Re: meet at Re:invent?
Kenneth Owens (kenowens) <kenowens@...>
I do not plan to be there but can adjust if required.
Kenneth Owens CTO kenowens@... Tel: +1 408 424 0872 Cisco Systems, Inc. 16401 Swingley Ridge Road Suite 400 CHESTERFIELD 63017 United States cisco.com
-----Original Message-----
From: cncf-toc-bounces@... [mailto:cncf-toc-bounces@...] On Behalf Of Alexis Richardson via cncf-toc
Sent: Wednesday, November 16, 2016 4:33 AM
To: Alexis Richardson via cncf-toc <cncf-toc@...>
Subject: [cncf-toc] meet at Re:invent?

Will there be enough of us at Re:invent to justify a f2f attempt?
_______________________________________________
cncf-toc mailing list
cncf-toc@...
https://lists.cncf.io/mailman/listinfo/cncf-toc
Re: DRAFT agenda for TOC call today
alexis richardson
On Wed, Nov 16, 2016 at 9:38 AM Alexis Richardson <alexis@...> wrote: Hi all,
meet at Re:invent?
alexis richardson
Will there be enough of us at Re:invent to justify a f2f attempt?
Re: Draft graduation criteria
alexis richardson
Hi all,
We can talk about this on the call, but the main point is "it feels like we are close". I propose to keep the doc open for comment for another 10-11 days and kick off a vote, if possible, around 27 Nov.
alexis
On Mon, Nov 14, 2016 at 1:02 PM, Dan Kohn via cncf-toc <cncf-toc@...> wrote:
We believe we're ready to call for a vote on the project graduation
DRAFT agenda for TOC call today
alexis richardson
Hi all,
Some logistical issues with google docs mean that I'm posting the draft agenda as below. Slides will land just before the meeting.

a

Projects:
- Welcome Fluentd + link to Blog Post https://www.cncf.io/blog/2016/11/09/fluentd-joins-cloud-native-computing-foundation

New Project Proposals:
* Please can we invite gRPC & Linkerd to make written proposals
  → Let's have a show of hands on the call
  → Need sponsors
* Next meeting (not today) - Pachyderm will present

Ref Arch & Landscape:
- (Voted!) Big thanks to Ken & co.
- Please use the Ref Arch. Example
- (with Redpoint) Landscape picture - show 0.92

Review of last week
- Kubecon & CNCon & PromDay highlights
- Lessons learnt
- Alexis TOC blog post: https://www.cncf.io/blog/2016/11/08/cloud-native-software-can-trust
- I like Bryan's point about Literacy here http://www.techrepublic.com/article/silicon-valley-cto-explains-why-trump-happened/

(Dan & Chris) Exec Director's update:
- Launch of Certification & why we need this & link to blog post https://www.cncf.io/blog/2016/11/08/cncf-partners-linux-foundation-launch-new-kubernetes-certification-training-managed-service-provider-program
- DCO & CLA plans
- Other GB updates

(Dan & Chris) Future Meetings & Events
- Dates for Tahoe meetup + why to attend (if you can & want to)
- Dates for Kubecon/CNCon 2017 please

Special Projects -
- Last call: Graduation Criteria
- Governance: Matt Proud
- CNCF CI
- Cloud Native Patterns & Example Apps: JJ
- Architecture: Ken, Doug, ..

AOB
- Cancel Dec 21st
Re: Security policies for Kubernetes
Brian Grant
+mohr If you have feedback on the kubernetes proposal, please do provide that feedback on the doc or on the issue.
On Thu, Nov 10, 2016 at 10:05 AM, Nicko van Someren via cncf-toc <cncf-toc@...> wrote:
Re: Security policies for Kubernetes
Brandon Philips <brandon.philips@...>
Thanks Dan. I plan on pushing more on this post-KubeCon. Hopefully get PRs up against the documentation in the coming days. I will take this discussion under advisement but I think there are some clear people and process things we can get right before bike-shedding on disclosure process. Cheers, Brandon
On Thu, Nov 10, 2016 at 9:21 AM Dan Kohn <dan@...> wrote:
Draft graduation criteria
Dan Kohn <dan@...>
We believe we're ready to call for a vote on the project graduation criteria. Could TOC members and others please add comments to the doc if they have additional concerns.
https://docs.google.com/document/d/1l6e-hW7C3S6xJjGn47hUKKxeFBxiamAK7kn5efSryxY
--
Dan Kohn <mailto:dan@linuxfoundation.
Executive Director, Cloud Native Computing Foundation <https://cncf.io>
tel:+1-415-233-1000
Re: Security policies for Kubernetes
Nicko van Someren <nicko@...>
I mailed a few of the OpenSSL team to ask them about this. Here's the reply from Rich Salz:
I hope that clarifies things. Cheers, Nicko On Thu, Nov 10, 2016 at 12:21 PM, Nicko van Someren <nicko@...> wrote:
Nicko van Someren CTO, Linux Foundation +1 (978) 821-0391
Re: Security policies for Kubernetes
Greg KH <gregkh@...>
On Thu, Nov 10, 2016 at 12:41:46PM -0700, Nicko van Someren wrote:
It's also worth noting that precisely because the Linux kernel team put out a

Ah, but I don't, I'm a horrible release maker. I did 3 releases 2 weeks ago, none last week, and then one this week. Or was it one last week, I can't remember... And all were on different days of the week, with no apparent reasoning behind when each is made[1] (some came later than announced, some earlier, and one with no announcement at all, and this was just the past 3 weeks.) So no, no one knows when our stable kernel releases are going to happen, heck, I don't even know that :)

sorry,
greg k-h

[1] - It's my travel schedule that drives most of it, combined with when security bugs are found and fixed in Linus's tree, which happen unexpectedly as expected, or when embargos leak early, as happened with DirtyC0w[2].

[2] - DirtyC0w is proof that even when everything goes right on the project's security team side (kernel team was properly notified of problem in the wild, fix was found, backports to all relevant kernels were made and tested, embargo was planned, distros were notified ahead of time), it's really up to the other groups you notify to not mess up in order to keep it all together, which failed horribly here (embargo was leaked to the public from a distro, random companies knew there was a pending problem weeks early due to a different leak, competing OS team decides to make fun of the situation and make a web site, etc.). So I'm really all for not telling _anyone_ outside of the project's team about security issues, as it always seems to go wrong.
Re: Security policies for Kubernetes
Nicko van Someren <nicko@...>
I don't disagree but in the absence of a highly regular release cadence, or in the case of an out-of-cycle release, it is still valuable to know when a new release is coming.

But that's my comments, and not the OpenSSL's teams comments, I can't

I will do. Thanks for raising the issue.
Cheers,
Nicko

Nicko van Someren CTO, Linux Foundation +1 (978) 821-0391
Re: Security policies for Kubernetes
Greg KH <gregkh@...>
On Thu, Nov 10, 2016 at 07:21:34PM +0000, Nicko van Someren wrote:
That's interesting feedback. I was speaking to the VP of infrastructure at a

Users might get warm and fuzzies thinking that this is the only time they need to update, but really, they should be updating all the time. Announcing it ahead of time really doesn't help companies fix their infrastructure problems properly. But that's my comments, and not the OpenSSL's teams comments, I can't recall their exact reasons. I suggest talking to them at their next hackfest about it to get all of the details.

thanks,
greg k-h
Re: Security policies for Kubernetes
Nicko van Someren <nicko@...>
It's also worth noting that precisely because the Linux kernel team put out a release every single week the scheduling of IT resources for deployment is not a problem. People know in advance when your releases are going to drop. It is more valuable to have the advanced notice if you don't have a highly regular delivery schedule. Cheers, Nicko
On Thu, Nov 10, 2016 at 12:21 PM, Nicko van Someren <nicko@...> wrote:
--
Nicko van Someren CTO, Linux Foundation +1 (978) 821-0391
Re: Security policies for Kubernetes
Nicko van Someren <nicko@...>
That's interesting feedback. I was speaking to the VP of infrastructure at a major bank last week and he said that having a heads up from OpenSSL helps him hugely and he wished that more projects did it. I also had a request from one of the CII members asking for the same thing. Who in the OpenSSL team felt it didn't work? I would be interested to know what problems they find with this. Cheers, Nicko
On Thu, Nov 10, 2016 at 12:17 Greg KH <gregkh@...> wrote: On Thu, Nov 10, 2016 at 11:05:01AM -0700, Nicko van Someren wrote:
Re: Security policies for Kubernetes
Greg KH <gregkh@...>
On Thu, Nov 10, 2016 at 11:05:01AM -0700, Nicko van Someren wrote:
One thing I think would be valuable to include in the security process is for

I think you might want to reconsider that, as over beers, the OpenSSL team says that this type of thing really doesn't work and just causes more problems... But hey, remember that I'm on a project that does weekly releases without telling anyone what the security fixes we made in them were, so what do I know? :)

thanks,
greg k-h
Re: Security policies for Kubernetes
Nicko van Someren <nicko@...>
Hi Alexis, Thanks for that. I read through the Google Doc and added some comments. One thing I think would be valuable to include in the security process is for there to be a broadcast mail to some 'announce' mailing list in advance of patches to high severity issues, indicating that a critical patch is imminent, with an expected release date but without full details of the issue. For large users with big IT infrastructure it may be necessary to schedule extra staff to install urgent patches quickly and having advanced notice of when this will be necessary is very helpful. Projects like OpenSSL usually send these out three days before security-critical releases (see https://goo.gl/BzElRC for examples). Cheers, Nicko
On Thu, Nov 10, 2016 at 10:26 AM, Alexis Richardson <alexis@...> wrote:
--
Nicko van Someren CTO, Linux Foundation +1 (978) 821-0391