cncf-toc@lists.cncf.io

Home Messages Hashtags Subgroups

Expanded

Between

and

Re: Public comment period for Ambassador Joe Beda #5585 IC4E only begs the question about what it stands for. It also doesn't set the project up, IMO, for success as the more memorable name will be with the commercial entity and it could stunt the development of the open source project outside of the commercial attachments. If this were at the Sandbox level I probably wouldn't be bringing this up, but the name change along with introduction into Incubation is something new that the CNCF hasn't seen before. I worry people will still colloquially refer to the OSS project as "Ambassador" (and documentation and install scripts still use the name). toggle quoted message Show quoted text On Thu, Jan 7, 2021 at 9:32 AM Daniel Bryant <daniel.bryant@...> wrote: Hi Joe, Matt, many thanks for your comments. @Matt, I remember you raising this in the DD document comments, and @Chris Aniszczyk suggested this would be acceptable under the trademark policy (e.g. "X for Envoy"). He suggested that we use a short name like "IC4E" in the docs and new website that would be created for the project. We originally looked to ingress-nginx as inspiration, since the community seems to have accepted this as a name even though it’s well-understood it’s not “official”. We also wanted to with a descriptive name instead of an abstract name, because we thought it would be easier for people to understand. Best wishes, Daniel On 06/01/2021 19:54, Matt Klein wrote: > I object to the name "Ingress Controller for Envoy Proxy” as that also describes Contour. This will create confusion and will be easily misread as "THE Ingress Controller for Envoy Proxy" and will violate the "no kingmakers" value of the TOC. I agree and I raised a similar concern at some point but I don't remember the outcome here. @Daniel Bryant? On Wed, Jan 6, 2021 at 10:48 AM Joe Beda <joe@...> wrote: What is the new name? The name "ambassador" is all over the docs and I'd expect to see this reframed around the new name. I object to the name "Ingress Controller for Envoy Proxy” as that also describes Contour. This will create confusion and will be easily misread as "THE Ingress Controller for Envoy Proxy" and will violate the "no kingmakers" value of the TOC. Joe On Wed, Jan 6, 2021 at 9:12 AM Matt Klein <mattklein123@...> wrote: All, Ambassador is applying for incubation status: Issue: https://github.com/cncf/toc/pull/435 DD: https://docs.google.com/document/d/1bJhfqEADNI7YSQPyi8Kmb1VvN2FaqxMFRsYvp-vZQLg/edit DD has been reviewed by myself and SIG Network and we are supportive. We are now calling for the 2 week public comment period prior to the vote. Thanks, Matt -- Daniel Bryant \| @danielbryantuk -- I like to work flexible hours (and across time zones), but please don't feel obligated to reply to this message outside of your own working hours.
More All Messages By This Member
Re: Public comment period for Ambassador Daniel Bryant <daniel.bryant@...> #5584 Hi Joe, Matt, many thanks for your comments. @Matt, I remember you raising this in the DD document comments, and @Chris Aniszczyk suggested this would be acceptable under the trademark policy (e.g. "X for Envoy"). He suggested that we use a short name like "IC4E" in the docs and new website that would be created for the project. We originally looked to ingress-nginx as inspiration, since the community seems to have accepted this as a name even though it’s well-understood it’s not “official”. We also wanted to with a descriptive name instead of an abstract name, because we thought it would be easier for people to understand. Best wishes, Daniel On 06/01/2021 19:54, Matt Klein wrote: > I object to the name "Ingress Controller for Envoy Proxy” as that also describes Contour. This will create confusion and will be easily misread as "THE Ingress Controller for Envoy Proxy" and will violate the "no kingmakers" value of the TOC. I agree and I raised a similar concern at some point but I don't remember the outcome here. @Daniel Bryant? On Wed, Jan 6, 2021 at 10:48 AM Joe Beda <joe@...> wrote: What is the new name? The name "ambassador" is all over the docs and I'd expect to see this reframed around the new name. I object to the name "Ingress Controller for Envoy Proxy” as that also describes Contour. This will create confusion and will be easily misread as "THE Ingress Controller for Envoy Proxy" and will violate the "no kingmakers" value of the TOC. Joe On Wed, Jan 6, 2021 at 9:12 AM Matt Klein <mattklein123@...> wrote: All, Ambassador is applying for incubation status: Issue: https://github.com/cncf/toc/pull/435 DD: https://docs.google.com/document/d/1bJhfqEADNI7YSQPyi8Kmb1VvN2FaqxMFRsYvp-vZQLg/edit DD has been reviewed by myself and SIG Network and we are supportive. We are now calling for the 2 week public comment period prior to the vote. Thanks, Matt -- Daniel Bryant \| @danielbryantuk -- I like to work flexible hours (and across time zones), but please don't feel obligated to reply to this message outside of your own working hours.
More
Re: FYI: Fuzzing for CNCF Projects Katie Gamanji #5583 That's a very insightful report! Would be great to see more CNCF projects using fuzzing integration to simplify vulnerability scanning and bug fixing. toggle quoted message Show quoted text On Mon, Jan 4, 2021 at 10:04 PM Lorenzo Fontana <fontanalorenz@...> wrote: Thanks for sharing, this is a very useful initiative Chris. I’ve been thinking about doing a proposal for the Falco project to adopt syzcaller[0] to perform continuous fuzzing of the inputs/language parser. I’ll bring up this topic at the next Falco community call to see what other maintainers think. Thanks again for sharing! Lore [0]: https://syzkaller.appspot.com/ On Mon, 4 Jan 2021 at 22:31 Chris Aniszczyk <caniszczyk@...> wrote: Hey TOC and the wider community, some of our projects have taken advantage of fuzzing (through oss-fuzz and other tools), also we recently funded some fuzzing/audit work for fluentbit to see the impact and usefulness: https://github.com/fluent/fluent-bit/pull/2853 I've attached a report as an output which contains all the issues found/resolved. If your project is interested in this type of work, let us know via a servicedesk request (https://github.com/cncf/servicedesk), we found it fairly useful on top of normal security audits. -- Chris Aniszczyk (@cra)
More All Messages By This Member
Re: SIG-Security Tech Lead nominations Dan Shaw #5582 +1 NB Thank you Ashutosh Narkar, Aradhana Chetal and Andres Vega for all the hard work advancing SIG-Security. Dan Shaw @dshaw Cor.dev - Solving Solved Problems 💗 toggle quoted message Show quoted text On Thu, Dec 17, 2020 at 5:43 PM Jeyappragash Jeyakeerthi <jj@...> wrote: Dear Technical Oversight Committee, On December 16th 2020, the SIG-Security co-chairs along with then TOC liason’s Liz Rice and Justin Cormack, agreed to nominate three Tech Leads for SIG-Security: Ashutosh Narkar, Aradhana Chetal and Andres Vega. “Tech leads are assigned following a 2/3 majority vote of the TOC and a 2/3 majority vote of SIG Chairs” — cncf-sig elections Thank you! Jeyappragash.J.J (On behalf of SIG-Security Chairs) TL Candidates - Dec 2020 Ashutosh Narkar Professional affiliations: Styra Github: @ashutosh-narkar Commits (4) Issues - 1, Comments (6) CNCF Projects: OPA SIG-Security Whitepaper - contributed to the security policy sections OPA Assessment - Project Lead KeyCloak Assessment - Lead Reviewer Aradhana Chetal Professional affiliations: Cloud Security Alliance Research Fellow Chair for serverless working group in CSA TIAA Github: @achetal01 CNCF Projects: n/a SIG-Security Whitepaper - refined scope and created first draft working to form a bridge between Policy WG and SIG Security meetings Andres Vega SIG-Security highlights Professional affiliations: VMWare Github: @anvega CNCF Projects: SPIFFE/SPIRE SIG-Security Security Assess. Review lead: Harbor Security Assess. Review lead: Cloud Buildpaks Security Assess. participant: SPIFFE/SPIRE Security Day program committee 2020 NA Facilitator for SIG meetings, and in general good with making calls more lively (1) Participating in organization of CN Sec. Day 2021 EU Commits (5) Issues (13)
More All Messages By This Member
Re: SIG-Security Tech Lead nominations Katie Gamanji #5581 +1 NB Katie Gamanji toggle quoted message Show quoted text On Wed, 6 Jan 2021, 16:49 Alena Prokharchyk via lists.cncf.io, <aprokharchyk=apple.com@...> wrote: +1 binding -alena. On Jan 6, 2021, at 1:34 AM, Liz Rice <liz@...> wrote: Bumping this vote, as it would be great to get the new SIG Security leads in place if others on the TOC are comfortable with these nominees ---------- Forwarded message --------- From: Justin Cormack via lists.cncf.io <justin.cormack=docker.com@...> Date: Fri, Dec 18, 2020 at 5:01 PM Subject: Re: [cncf-toc] SIG-Security Tech Lead nominations To: Jeyappragash Jeyakeerthi <jj@...> Cc: CNCF TOC <cncf-toc@...> +1 binding Justin On Fri, Dec 18, 2020 at 1:43 AM Jeyappragash Jeyakeerthi <jj@...> wrote: Dear Technical Oversight Committee, On December 16th 2020, the SIG-Security co-chairs along with then TOC liason’s Liz Rice and Justin Cormack, agreed to nominate three Tech Leads for SIG-Security: Ashutosh Narkar, Aradhana Chetal and Andres Vega. “Tech leads are assigned following a 2/3 majority vote of the TOC and a 2/3 majority vote of SIG Chairs” — cncf-sig elections Thank you! Jeyappragash.J.J (On behalf of SIG-Security Chairs) TL Candidates - Dec 2020 Ashutosh Narkar Professional affiliations: Styra Github: @ashutosh-narkar Commits (4) Issues - 1, Comments (6) CNCF Projects: OPA SIG-Security Whitepaper - contributed to the security policy sections OPA Assessment - Project Lead KeyCloak Assessment - Lead Reviewer Aradhana Chetal Professional affiliations: Cloud Security Alliance Research Fellow Chair for serverless working group in CSA TIAA Github: @achetal01 CNCF Projects: n/a SIG-Security Whitepaper - refined scope and created first draft working to form a bridge between Policy WG and SIG Security meetings Andres Vega SIG-Security highlights Professional affiliations: VMWare Github: @anvega CNCF Projects: SPIFFE/SPIRE SIG-Security Security Assess. Review lead: Harbor Security Assess. Review lead: Cloud Buildpaks Security Assess. participant: SPIFFE/SPIRE Security Day program committee 2020 NA Facilitator for SIG meetings, and in general good with making calls more lively (1) Participating in organization of CN Sec. Day 2021 EU Commits (5) Issues (13)
More All Messages By This Member
Re: Public comment period for Ambassador Matt Klein #5580 > I object to the name "Ingress Controller for Envoy Proxy” as that also describes Contour. This will create confusion and will be easily misread as "THE Ingress Controller for Envoy Proxy" and will violate the "no kingmakers" value of the TOC. I agree and I raised a similar concern at some point but I don't remember the outcome here. @Daniel Bryant? toggle quoted message Show quoted text On Wed, Jan 6, 2021 at 10:48 AM Joe Beda <joe@...> wrote: What is the new name? The name "ambassador" is all over the docs and I'd expect to see this reframed around the new name. I object to the name "Ingress Controller for Envoy Proxy” as that also describes Contour. This will create confusion and will be easily misread as "THE Ingress Controller for Envoy Proxy" and will violate the "no kingmakers" value of the TOC. Joe On Wed, Jan 6, 2021 at 9:12 AM Matt Klein <mattklein123@...> wrote: All, Ambassador is applying for incubation status: Issue: https://github.com/cncf/toc/pull/435 DD: https://docs.google.com/document/d/1bJhfqEADNI7YSQPyi8Kmb1VvN2FaqxMFRsYvp-vZQLg/edit DD has been reviewed by myself and SIG Network and we are supportive. We are now calling for the 2 week public comment period prior to the vote. Thanks, Matt
More All Messages By This Member
Re: Public comment period for Ambassador Joe Beda #5579 What is the new name? The name "ambassador" is all over the docs and I'd expect to see this reframed around the new name. I object to the name "Ingress Controller for Envoy Proxy” as that also describes Contour. This will create confusion and will be easily misread as "THE Ingress Controller for Envoy Proxy" and will violate the "no kingmakers" value of the TOC. Joe toggle quoted message Show quoted text On Wed, Jan 6, 2021 at 9:12 AM Matt Klein <mattklein123@...> wrote: All, Ambassador is applying for incubation status: Issue: https://github.com/cncf/toc/pull/435 DD: https://docs.google.com/document/d/1bJhfqEADNI7YSQPyi8Kmb1VvN2FaqxMFRsYvp-vZQLg/edit DD has been reviewed by myself and SIG Network and we are supportive. We are now calling for the 2 week public comment period prior to the vote. Thanks, Matt
More All Messages By This Member
Public comment period for Ambassador Matt Klein #5578 All, Ambassador is applying for incubation status: Issue: https://github.com/cncf/toc/pull/435 DD: https://docs.google.com/document/d/1bJhfqEADNI7YSQPyi8Kmb1VvN2FaqxMFRsYvp-vZQLg/edit DD has been reviewed by myself and SIG Network and we are supportive. We are now calling for the 2 week public comment period prior to the vote. Thanks, Matt
More All Messages By This Member
Re: SIG-Security Tech Lead nominations Alena Prokharchyk #5577 +1 binding -alena. toggle quoted message Show quoted text On Jan 6, 2021, at 1:34 AM, Liz Rice <liz@...> wrote: Bumping this vote, as it would be great to get the new SIG Security leads in place if others on the TOC are comfortable with these nominees ---------- Forwarded message --------- From: Justin Cormack via lists.cncf.io <justin.cormack=docker.com@...> Date: Fri, Dec 18, 2020 at 5:01 PM Subject: Re: [cncf-toc] SIG-Security Tech Lead nominations To: Jeyappragash Jeyakeerthi <jj@...> Cc: CNCF TOC <cncf-toc@...> +1 binding Justin On Fri, Dec 18, 2020 at 1:43 AM Jeyappragash Jeyakeerthi <jj@...> wrote: Dear Technical Oversight Committee, On December 16th 2020, the SIG-Security co-chairs along with then TOC liason’s Liz Rice and Justin Cormack, agreed to nominate three Tech Leads for SIG-Security: Ashutosh Narkar, Aradhana Chetal and Andres Vega. “Tech leads are assigned following a 2/3 majority vote of the TOC and a 2/3 majority vote of SIG Chairs” — cncf-sig elections Thank you! Jeyappragash.J.J (On behalf of SIG-Security Chairs) TL Candidates - Dec 2020 Ashutosh Narkar Professional affiliations: Styra Github: @ashutosh-narkar Commits (4) Issues - 1, Comments (6) CNCF Projects: OPA SIG-Security Whitepaper - contributed to the security policy sections OPA Assessment - Project Lead KeyCloak Assessment - Lead Reviewer Aradhana Chetal Professional affiliations: Cloud Security Alliance Research Fellow Chair for serverless working group in CSA TIAA Github: @achetal01 CNCF Projects: n/a SIG-Security Whitepaper - refined scope and created first draft working to form a bridge between Policy WG and SIG Security meetings Andres Vega SIG-Security highlights Professional affiliations: VMWare Github: @anvega CNCF Projects: SPIFFE/SPIRE SIG-Security Security Assess. Review lead: Harbor Security Assess. Review lead: Cloud Buildpaks Security Assess. participant: SPIFFE/SPIRE Security Day program committee 2020 NA Facilitator for SIG meetings, and in general good with making calls more lively (1) Participating in organization of CN Sec. Day 2021 EU Commits (5) Issues (13)
More All Messages By This Member
Re: [EXTERNAL] Re: [cncf-toc] SIG-Security Tech Lead nominations Brendan Burns #5576 +1, binding --brendan toggle quoted message Show quoted text From: cncf-toc@... <cncf-toc@...> on behalf of Dave Zolotusky via lists.cncf.io <dzolo=spotify.com@...> Sent: Wednesday, January 6, 2021 6:55:44 AM To: John Hillegass <hillegassdev@...> Cc: CNCF TOC <cncf-toc@...>; Liz Rice <liz@...> Subject: [EXTERNAL] Re: [cncf-toc] SIG-Security Tech Lead nominations +1 binding On Wed, Jan 6, 2021 at 2:34 PM John Hillegass <hillegassdev@...> wrote: +1 NB On Jan 6, 2021, 4:35 AM -0500, Liz Rice <liz@...>, wrote: Bumping this vote, as it would be great to get the new SIG Security leads in place if others on the TOC are comfortable with these nominees ---------- Forwarded message --------- From: Justin Cormack via lists.cncf.io <justin.cormack=docker.com@...> Date: Fri, Dec 18, 2020 at 5:01 PM Subject: Re: [cncf-toc] SIG-Security Tech Lead nominations To: Jeyappragash Jeyakeerthi <jj@...> Cc: CNCF TOC <cncf-toc@...> +1 binding Justin On Fri, Dec 18, 2020 at 1:43 AM Jeyappragash Jeyakeerthi <jj@...> wrote: Dear Technical Oversight Committee, On December 16th 2020, the SIG-Security co-chairs along with then TOC liason’s Liz Rice and Justin Cormack, agreed to nominate three Tech Leads for SIG-Security: Ashutosh Narkar, Aradhana Chetal and Andres Vega. “Tech leads are assigned following a 2/3 majority vote of the TOC and a 2/3 majority vote of SIG Chairs” — cncf-sig elections Thank you! Jeyappragash.J.J (On behalf of SIG-Security Chairs) TL Candidates - Dec 2020 Ashutosh Narkar Professional affiliations: Styra Github: @ashutosh-narkar Commits (4) Issues - 1, Comments (6) CNCF Projects: OPA SIG-Security Whitepaper - contributed to the security policy sections OPA Assessment - Project Lead KeyCloak Assessment - Lead Reviewer Aradhana Chetal Professional affiliations: Cloud Security Alliance Research Fellow Chair for serverless working group in CSA TIAA Github: @achetal01 CNCF Projects: n/a SIG-Security Whitepaper - refined scope and created first draft working to form a bridge between Policy WG and SIG Security meetings Andres Vega SIG-Security highlights Professional affiliations: VMWare Github: @anvega CNCF Projects: SPIFFE/SPIRE SIG-Security Security Assess. Review lead: Harbor Security Assess. Review lead: Cloud Buildpaks Security Assess. participant: SPIFFE/SPIRE Security Day program committee 2020 NA Facilitator for SIG meetings, and in general good with making calls more lively (1) Participating in organization of CN Sec. Day 2021 EU Commits (5) Issues (13) -- ~Dave
More All Messages By This Member
Re: SIG-Security Tech Lead nominations Dave Zolotusky #5575 +1 binding toggle quoted message Show quoted text On Wed, Jan 6, 2021 at 2:34 PM John Hillegass <hillegassdev@...> wrote: +1 NB On Jan 6, 2021, 4:35 AM -0500, Liz Rice <liz@...>, wrote: Bumping this vote, as it would be great to get the new SIG Security leads in place if others on the TOC are comfortable with these nominees ---------- Forwarded message --------- From: Justin Cormack via lists.cncf.io <justin.cormack=docker.com@...> Date: Fri, Dec 18, 2020 at 5:01 PM Subject: Re: [cncf-toc] SIG-Security Tech Lead nominations To: Jeyappragash Jeyakeerthi <jj@...> Cc: CNCF TOC <cncf-toc@...> +1 binding Justin On Fri, Dec 18, 2020 at 1:43 AM Jeyappragash Jeyakeerthi <jj@...> wrote: Dear Technical Oversight Committee, On December 16th 2020, the SIG-Security co-chairs along with then TOC liason’s Liz Rice and Justin Cormack, agreed to nominate three Tech Leads for SIG-Security: Ashutosh Narkar, Aradhana Chetal and Andres Vega. “Tech leads are assigned following a 2/3 majority vote of the TOC and a 2/3 majority vote of SIG Chairs” — cncf-sig elections Thank you! Jeyappragash.J.J (On behalf of SIG-Security Chairs) TL Candidates - Dec 2020 Ashutosh Narkar Professional affiliations: Styra Github: @ashutosh-narkar Commits (4) Issues - 1, Comments (6) CNCF Projects: OPA SIG-Security Whitepaper - contributed to the security policy sections OPA Assessment - Project Lead KeyCloak Assessment - Lead Reviewer Aradhana Chetal Professional affiliations: Cloud Security Alliance Research Fellow Chair for serverless working group in CSA TIAA Github: @achetal01 CNCF Projects: n/a SIG-Security Whitepaper - refined scope and created first draft working to form a bridge between Policy WG and SIG Security meetings Andres Vega SIG-Security highlights Professional affiliations: VMWare Github: @anvega CNCF Projects: SPIFFE/SPIRE SIG-Security Security Assess. Review lead: Harbor Security Assess. Review lead: Cloud Buildpaks Security Assess. participant: SPIFFE/SPIRE Security Day program committee 2020 NA Facilitator for SIG meetings, and in general good with making calls more lively (1) Participating in organization of CN Sec. Day 2021 EU Commits (5) Issues (13) -- ~Dave
More All Messages By This Member
Re: SIG-Security Tech Lead nominations John Hillegass #5574 +1 NB On Jan 6, 2021, 4:35 AM -0500, Liz Rice <liz@...>, wrote: toggle quoted message Show quoted text Bumping this vote, as it would be great to get the new SIG Security leads in place if others on the TOC are comfortable with these nominees ---------- Forwarded message --------- From: Justin Cormack via lists.cncf.io <justin.cormack=docker.com@...> Date: Fri, Dec 18, 2020 at 5:01 PM Subject: Re: [cncf-toc] SIG-Security Tech Lead nominations To: Jeyappragash Jeyakeerthi <jj@...> Cc: CNCF TOC <cncf-toc@...> +1 binding Justin On Fri, Dec 18, 2020 at 1:43 AM Jeyappragash Jeyakeerthi <jj@...> wrote: Dear Technical Oversight Committee, On December 16th 2020, the SIG-Security co-chairs along with then TOC liason’s Liz Rice and Justin Cormack, agreed to nominate three Tech Leads for SIG-Security: Ashutosh Narkar, Aradhana Chetal and Andres Vega. “Tech leads are assigned following a 2/3 majority vote of the TOC and a 2/3 majority vote of SIG Chairs” — cncf-sig elections Thank you! Jeyappragash.J.J (On behalf of SIG-Security Chairs) TL Candidates - Dec 2020 Ashutosh Narkar Professional affiliations: Styra Github: @ashutosh-narkar Commits (4) Issues - 1, Comments (6) CNCF Projects: OPA SIG-Security Whitepaper - contributed to the security policy sections OPA Assessment - Project Lead KeyCloak Assessment - Lead Reviewer Aradhana Chetal Professional affiliations: Cloud Security Alliance Research Fellow Chair for serverless working group in CSA TIAA Github: @achetal01 CNCF Projects: n/a SIG-Security Whitepaper - refined scope and created first draft working to form a bridge between Policy WG and SIG Security meetings Andres Vega SIG-Security highlights Professional affiliations: VMWare Github: @anvega CNCF Projects: SPIFFE/SPIRE SIG-Security Security Assess. Review lead: Harbor Security Assess. Review lead: Cloud Buildpaks Security Assess. participant: SPIFFE/SPIRE Security Day program committee 2020 NA Facilitator for SIG meetings, and in general good with making calls more lively (1) Participating in organization of CN Sec. Day 2021 EU Commits (5) Issues (13)
More All Messages By This Member
SIG-Security Tech Lead nominations Liz Rice #5573 Bumping this vote, as it would be great to get the new SIG Security leads in place if others on the TOC are comfortable with these nominees ---------- Forwarded message --------- From: Justin Cormack via lists.cncf.io <justin.cormack=docker.com@...> Date: Fri, Dec 18, 2020 at 5:01 PM Subject: Re: [cncf-toc] SIG-Security Tech Lead nominations To: Jeyappragash Jeyakeerthi <jj@...> Cc: CNCF TOC <cncf-toc@...> +1 binding Justin toggle quoted message Show quoted text On Fri, Dec 18, 2020 at 1:43 AM Jeyappragash Jeyakeerthi <jj@...> wrote: Dear Technical Oversight Committee, On December 16th 2020, the SIG-Security co-chairs along with then TOC liason’s Liz Rice and Justin Cormack, agreed to nominate three Tech Leads for SIG-Security: Ashutosh Narkar, Aradhana Chetal and Andres Vega. “Tech leads are assigned following a 2/3 majority vote of the TOC and a 2/3 majority vote of SIG Chairs” — cncf-sig elections Thank you! Jeyappragash.J.J (On behalf of SIG-Security Chairs) TL Candidates - Dec 2020 Ashutosh Narkar Professional affiliations: Styra Github: @ashutosh-narkar Commits (4) Issues - 1, Comments (6) CNCF Projects: OPA SIG-Security Whitepaper - contributed to the security policy sections OPA Assessment - Project Lead KeyCloak Assessment - Lead Reviewer Aradhana Chetal Professional affiliations: Cloud Security Alliance Research Fellow Chair for serverless working group in CSA TIAA Github: @achetal01 CNCF Projects: n/a SIG-Security Whitepaper - refined scope and created first draft working to form a bridge between Policy WG and SIG Security meetings Andres Vega SIG-Security highlights Professional affiliations: VMWare Github: @anvega CNCF Projects: SPIFFE/SPIRE SIG-Security Security Assess. Review lead: Harbor Security Assess. Review lead: Cloud Buildpaks Security Assess. participant: SPIFFE/SPIRE Security Day program committee 2020 NA Facilitator for SIG meetings, and in general good with making calls more lively (1) Participating in organization of CN Sec. Day 2021 EU Commits (5) Issues (13)
More All Messages By This Member
[TOC] Nominations Open through 12pm PT, January 11, 2021 Chris Aniszczyk #5572 Just a reminder about upcoming TOC elections for the GB and end user seats! Feel free to petition your GB and end user member representatives! ---------- Forwarded message --------- From: Amye Scavarda Perrin <ascavarda@...> Date: Mon, Dec 14, 2020 at 2:02 PM Subject: [cncf-toc] [TOC] Nominations Open through 12pm PT, January 11, 2021 To: CNCF TOC <cncf-toc@...> 5 seats are open for nomination by the GB and End User Community. Nominations are open for the two Selecting Groups. We will be publishing the list of qualified nominees at the end of the qualification process. Timeline: December 14: Nominations open – 12 PM PT January 11: Nominations close - 12 PM PT Jan 11: Qualification period opens Jan 25: Qualification period closes Jan 25: Election opens, Voting occurs by a time-limited Condorcet-IRV ranking in CIVS Feb 1: Election closes at 12pm Pacific, results announced -- Amye Scavarda Perrin \| Program Manager \| amye@... -- Chris Aniszczyk (@cra)
More All Messages By This Member
Re: FYI: Fuzzing for CNCF Projects Lorenzo Fontana <fontanalorenz@...> #5571 Thanks for sharing, this is a very useful initiative Chris. I’ve been thinking about doing a proposal for the Falco project to adopt syzcaller[0] to perform continuous fuzzing of the inputs/language parser. I’ll bring up this topic at the next Falco community call to see what other maintainers think. Thanks again for sharing! Lore [0]: https://syzkaller.appspot.com/ toggle quoted message Show quoted text On Mon, 4 Jan 2021 at 22:31 Chris Aniszczyk <caniszczyk@...> wrote: Hey TOC and the wider community, some of our projects have taken advantage of fuzzing (through oss-fuzz and other tools), also we recently funded some fuzzing/audit work for fluentbit to see the impact and usefulness: https://github.com/fluent/fluent-bit/pull/2853 I've attached a report as an output which contains all the issues found/resolved. If your project is interested in this type of work, let us know via a servicedesk request (https://github.com/cncf/servicedesk), we found it fairly useful on top of normal security audits. -- Chris Aniszczyk (@cra)
More All Messages By This Member
FYI: Fuzzing for CNCF Projects Chris Aniszczyk #5570 Hey TOC and the wider community, some of our projects have taken advantage of fuzzing (through oss-fuzz and other tools), also we recently funded some fuzzing/audit work for fluentbit to see the impact and usefulness: https://github.com/fluent/fluent-bit/pull/2853 I've attached a report as an output which contains all the issues found/resolved. If your project is interested in this type of work, let us know via a servicedesk request (https://github.com/cncf/servicedesk), we found it fairly useful on top of normal security audits. -- Chris Aniszczyk (@cra) cncf-fuzzing-audit.pdf cncf-fuzzing-audit.pdf
More All Messages By This Member
Agenda for 1/5 Amye Scavarda Perrin #5569 Hi all, We'll be meeting tomorrow at 8am Pacific. Agenda: https://docs.google.com/document/d/1jpoKT12jf2jTf-2EJSAl4iTdA7Aoj_uiI19qIaECNFc/edit Presentation: https://docs.google.com/presentation/d/114InXWp_s3f5gS5AFTQ5yBk0TRC03BdNU31hQCnTZOI/edit#slide=id.g25ca91f87f_0_0 Thanks! -- Amye Scavarda Perrin \| Program Manager \| amye@...
More All Messages By This Member
FYI: CNCF Annual Report 2020! Chris Aniszczyk #5568 Hey all, hope everyone is having a great 2021! At the end of last year, we posted the CNCF annual report covering what we accomplished in 2020: https://www.cncf.io/blog/2020/12/29/2020-cncf-annual-report/ Please give it a read! The CNCF staff takes quite a bit of time putting this together every year and it's amazing how much was accomplished in a wild year! -- Chris Aniszczyk (@cra) CNCF-Annual-Report-2020.pdf CNCF-Annual-Report-2020.pdf
More All Messages By This Member
Re: SIG-Security Tech Lead nominations Justin Cormack #5567 +1 binding Justin toggle quoted message Show quoted text On Fri, Dec 18, 2020 at 1:43 AM Jeyappragash Jeyakeerthi <jj@...> wrote: Dear Technical Oversight Committee, On December 16th 2020, the SIG-Security co-chairs along with then TOC liason’s Liz Rice and Justin Cormack, agreed to nominate three Tech Leads for SIG-Security: Ashutosh Narkar, Aradhana Chetal and Andres Vega. “Tech leads are assigned following a 2/3 majority vote of the TOC and a 2/3 majority vote of SIG Chairs” — cncf-sig elections Thank you! Jeyappragash.J.J (On behalf of SIG-Security Chairs) TL Candidates - Dec 2020 Ashutosh Narkar Professional affiliations: Styra Github: @ashutosh-narkar Commits (4) Issues - 1, Comments (6) CNCF Projects: OPA SIG-Security Whitepaper - contributed to the security policy sections OPA Assessment - Project Lead KeyCloak Assessment - Lead Reviewer Aradhana Chetal Professional affiliations: Cloud Security Alliance Research Fellow Chair for serverless working group in CSA TIAA Github: @achetal01 CNCF Projects: n/a SIG-Security Whitepaper - refined scope and created first draft working to form a bridge between Policy WG and SIG Security meetings Andres Vega SIG-Security highlights Professional affiliations: VMWare Github: @anvega CNCF Projects: SPIFFE/SPIRE SIG-Security Security Assess. Review lead: Harbor Security Assess. Review lead: Cloud Buildpaks Security Assess. participant: SPIFFE/SPIRE Security Day program committee 2020 NA Facilitator for SIG meetings, and in general good with making calls more lively (1) Participating in organization of CN Sec. Day 2021 EU Commits (5) Issues (13)
More All Messages By This Member
Re: SIG-Security Tech Lead nominations Brandon Lum #5566 +1 NB. I've had the chance to work with all of the nominees over various projects, issues and security assessments in the sig and they are all great candidates for tech leads! toggle quoted message Show quoted text On Fri, Dec 18, 2020, 10:58 AM Chase Pettet <chase.mp@...> wrote: A robust NB+1. I only know Andres well (and he's the bomb diggity), but I'm grateful for all of these folks. On Thu, Dec 17, 2020 at 7:43 PM Jeyappragash Jeyakeerthi <jj@...> wrote: Dear Technical Oversight Committee, On December 16th 2020, the SIG-Security co-chairs along with then TOC liason’s Liz Rice and Justin Cormack, agreed to nominate three Tech Leads for SIG-Security: Ashutosh Narkar, Aradhana Chetal and Andres Vega. “Tech leads are assigned following a 2/3 majority vote of the TOC and a 2/3 majority vote of SIG Chairs” — cncf-sig elections Thank you! Jeyappragash.J.J (On behalf of SIG-Security Chairs) TL Candidates - Dec 2020 Ashutosh Narkar Professional affiliations: Styra Github: @ashutosh-narkar Commits (4) Issues - 1, Comments (6) CNCF Projects: OPA SIG-Security Whitepaper - contributed to the security policy sections OPA Assessment - Project Lead KeyCloak Assessment - Lead Reviewer Aradhana Chetal Professional affiliations: Cloud Security Alliance Research Fellow Chair for serverless working group in CSA TIAA Github: @achetal01 CNCF Projects: n/a SIG-Security Whitepaper - refined scope and created first draft working to form a bridge between Policy WG and SIG Security meetings Andres Vega SIG-Security highlights Professional affiliations: VMWare Github: @anvega CNCF Projects: SPIFFE/SPIRE SIG-Security Security Assess. Review lead: Harbor Security Assess. Review lead: Cloud Buildpaks Security Assess. participant: SPIFFE/SPIRE Security Day program committee 2020 NA Facilitator for SIG meetings, and in general good with making calls more lively (1) Participating in organization of CN Sec. Day 2021 EU Commits (5) Issues (13)
More All Messages By This Member

2521 - 2540 of 8100

Home Hashtags Subgroups Terms