
Re: CNCF Code of Conduct Community of Practice?

Davanum Srinivas
 

CC'ing CNCF-GB

I love it when plans from folks come together!

-- Dims


On Tue, May 17, 2022 at 12:40 PM Paris Pittman <paris.pittman@...> wrote:

Hi TOC and community,


 I believe we are at a point where a CNCF code of conduct community of practice will serve us well. I sat on the first Kubernetes Code of Conduct committee and many of the below ideas stemmed from my experiences there. Whether this is a body, community of practice, incident management team, etc is all up for discussion.


Would it be possible to put this on the next TOC agenda? If folks are interested in this work and at KubeCon, give a shout; even if you’re virtual, I’m hanging on CNCF Slack. 


-paris 


To help get the ball rolling for discussion, here are some rough ideas:

https://github.com/cncf/foundation/blob/main/charter.md#13-code-of-conduct


Purpose

Create a community of practice around code of conduct matters at the CNCF Community level. This community of practice could be bootstrapped by an independent committee, a working group of TAG Contributor Strategy, or another organizational design that TOC thinks would position this group for success with the ultimate goal of an independent body. This doc is not intended to be implementation details but the establishment of such a community.

Goals

  • community members creating policy and carrying out enforcement
  • creating a safe space for reporters
  • Focus on mediation rather than litigation. goals of having a community member/body take reports vs CNCF staff and lawyers.
  • cncf community members, project contributors, toc, ambassadors, and cncf staff would have this as a resource
  • build trust via community involvement and transparency reporting 

NonGoals

  • require changes to projects that already have defined code of conduct systems in place that aren’t LF support; eg Kubernetes Code of Conduct Committee

Knowns

  • Kubernetes has a code of conduct committee. It was created independently due to scale, our values, and desire for a community run program. https://github.com/kubernetes/community/blob/master/committee-code-of-conduct/bootstrapping-process.md
  • OpenTelemetry’s GC acts as a CoCC.
  • All other projects, which are governed by CNCF staff, go to Chris A or Priyanka as first step
  • CNCF Staff consults with lawyers to enforce their code of conduct; this is seen as a power differential in the community; “a business approach”
  • Most CoC language on LF sites is geared towards events and not other situations or related conduct matters
  • There have been issues in the past with community members confused on where to file issues, who enforces, and where/when at cloud native related events. Example: If it's “kubecon” does that mean conduct@...?

Responsibilities and Composition

  • Nominations from TOC and community; TOC shortlist for qualifications; community votes
  • everyone gets training
  • initial group bootstraps the function
    • build out policies and procedures that fit with the ecosystem
    • create roles and teams
    • create a charter

Opportunities

  • Allows CNCF staff to focus on project operations and membership vs mediating community challenges and incidents. Instead puts mediation and enforcement into the community. 
  • focus on mediation vs litigation.
  • incident management and transparency reporting //build out an incident management team
  • projects can plug into this with better incident reporting structures than contact someone an attorney at Linux Foundation
  • projects can have liaison reps which can then feed into staffing for incident response groups

Next Steps

  • Discuss at a TOC meeting
  • Bring in current and emeritus Kubernetes CoCC to help formulate and bootstrap discussions
  • Bring in project maintainers from CNCF projects; possibly create a special Maintainers Circle for this topic

Open Questions

  • We would need this to be an independent body. Where would that sit?
  • can an overarching committee have sufficient visibility into project-specific context to offer quality outcomes around restoration after an incident?
  • Does a CoC action taken in one project affect a contributor’s ability to participate in other CNCF projects?
  • Escalation path for events?
  • Liability coverage for Committee decisions




--
Davanum Srinivas :: https://twitter.com/dims


Re: CNCF Code of Conduct Community of Practice?

Josh Berkus
 

 I believe we are at a point where a CNCF code of conduct community of practice will serve us well. I sat on the first Kubernetes Code of Conduct committee and many of the below ideas stemmed from my experiences there. Whether this is a body, community of practice, incident management team, etc is all up for discussion.
TAG-CS is, of course, happy to support.

Personally, I would be particularly interested in figuring out some kind of CoCC support for smaller projects.

--
-- Josh Berkus
Kubernetes Community Architect
OSPO, OCTO


Re: CNCF Code of Conduct Community of Practice?

Jaice Singer DuMars
 

I am strongly supportive of this initiative. I was on the original Kubernetes CoCC with Paris for 2 years and am happy to participate in this formation in whatever capacity is needed to serve the community.

On Tue, May 17, 2022 at 5:50 AM Diane Mueller <dmueller2001@...> wrote:
+1 and happy to help in any way I can!



On Tue, May 17, 2022 at 2:39 PM Brandon Lum <lumjjb@...> wrote:
+1!!!! For TAG security, we had added additional practice guidelines, as a start. So, it would definitely help if we had a forum or committee for this discussion!

On Tue, May 17, 2022 at 2:20 PM Chris Short via lists.cncf.io <cbshort=amazon.com@...> wrote:
HUGE +1 to this.

Chris Short
He/Him/His
Sr. Developer Advocate, AWS Kubernetes (GitOps)
TZ=America/Detroit

On May 17, 2022, at 13:19, Stephen Augustus (augustus) via lists.cncf.io <augustus=cisco.com@...> wrote:



CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you can confirm the sender and know the content is safe.


This is a wonderful idea, Paris. +1!

---


Stephen Augustus (he/him)

Head of Open Source

augustus@...


My working hours may not be your working hours.

Please do not feel obligated to reply outside of your normal work schedule.



From: cncf-toc@... <cncf-toc@...> on behalf of Paris Pittman <paris.pittman@...>
Sent: Tuesday, May 17, 2022, 06:41
To: CNCF TOC <cncf-toc@...>
Subject: [cncf-toc] CNCF Code of Conduct Community of Practice?

Hi TOC and community,


 I believe we are at a point where a CNCF code of conduct community of practice will serve us well. I sat on the first Kubernetes Code of Conduct committee and many of the below ideas stemmed from my experiences there. Whether this is a body, community of practice, incident management team, etc is all up for discussion.


Would it be possible to put this on the next TOC agenda? If folks are interested in this work and at KubeCon, give a shout; even if you’re virtual, I’m hanging on CNCF Slack. 


-paris 


To help get the ball rolling for discussion, here are some rough ideas:

https://github.com/cncf/foundation/blob/main/charter.md#13-code-of-conduct


Purpose

Create a community of practice around code of conduct matters at the CNCF Community level. This community of practice could be bootstrapped by an independent committee, a working group of TAG Contributor Strategy, or another organizational design that TOC thinks would position this group for success with the ultimate goal of an independent body. This doc is not intended to be implementation details but the establishment of such a community.

Goals

  • community members creating policy and carrying out enforcement
  • creating a safe space for reporters
  • Focus on mediation rather than litigation. goals of having a community member/body take reports vs CNCF staff and lawyers.
  • cncf community members, project contributors, toc, ambassadors, and cncf staff would have this as a resource
  • build trust via community involvement and transparency reporting 

NonGoals

  • require changes to projects that already have defined code of conduct systems in place that aren’t LF support; eg Kubernetes Code of Conduct Committee

Knowns

  • Kubernetes has a code of conduct committee. It was created independently due to scale, our values, and desire for a community run program. https://github.com/kubernetes/community/blob/master/committee-code-of-conduct/bootstrapping-process.md
  • OpenTelemetry’s GC acts as a CoCC.
  • All other projects, which are governed by CNCF staff, go to Chris A or Priyanka as first step
  • CNCF Staff consults with lawyers to enforce their code of conduct; this is seen as a power differential in the community; “a business approach”
  • Most CoC language on LF sites is geared towards events and not other situations or related conduct matters
  • There have been issues in the past with community members confused on where to file issues, who enforces, and where/when at cloud native related events. Example: If it's “kubecon” does that mean conduct@...?

Responsibilities and Composition

  • Nominations from TOC and community; TOC shortlist for qualifications; community votes
  • everyone gets training
  • initial group bootstraps the function
    • build out policies and procedures that fit with the ecosystem
    • create roles and teams
    • create a charter

Opportunities

  • Allows CNCF staff to focus on project operations and membership vs mediating community challenges and incidents. Instead puts mediation and enforcement into the community. 
  • focus on mediation vs litigation.
  • incident management and transparency reporting //build out an incident management team
  • projects can plug into this with better incident reporting structures than contact someone an attorney at Linux Foundation
  • projects can have liaison reps which can then feed into staffing for incident response groups

Next Steps

  • Discuss at a TOC meeting
  • Bring in current and emeritus Kubernetes CoCC to help formulate and bootstrap discussions
  • Bring in project maintainers from CNCF projects; possibly create a special Maintainers Circle for this topic

Open Questions

  • We would need this to be an independent body. Where would that sit?
  • can an overarching committee have sufficient visibility into project-specific context to offer quality outcomes around restoration after an incident?
  • Does a CoC action taken in one project affect a contributor’s ability to participate in other CNCF projects?
  • Escalation path for events?
  • Liability coverage for Committee decisions



--
Diane Mueller

(mobile) 604.765.3635
(twitter) pythondj
(skype) xbrlspy
(email) dmueller2001@...



This email is intended only for the person or entity to which it is addressed and may contain confidential information and/or privileged information. Any use of this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the email and all copies (electronic or otherwise) immediately. Thank you.


Re: CNCF Code of Conduct Community of Practice?

Diane Mueller
 

+1 and happy to help in any way I can!



On Tue, May 17, 2022 at 2:39 PM Brandon Lum <lumjjb@...> wrote:
+1!!!! For TAG security, we had added additional practice guidelines, as a start. So, it would definitely help if we had a forum or committee for this discussion!

On Tue, May 17, 2022 at 2:20 PM Chris Short via lists.cncf.io <cbshort=amazon.com@...> wrote:
HUGE +1 to this.

Chris Short
He/Him/His
Sr. Developer Advocate, AWS Kubernetes (GitOps)
TZ=America/Detroit

On May 17, 2022, at 13:19, Stephen Augustus (augustus) via lists.cncf.io <augustus=cisco.com@...> wrote:





This is a wonderful idea, Paris. +1!

---


Stephen Augustus (he/him)

Head of Open Source

augustus@...


My working hours may not be your working hours.

Please do not feel obligated to reply outside of your normal work schedule.






--
Diane Mueller

(mobile) 604.765.3635
(twitter) pythondj
(skype) xbrlspy
(email) dmueller2001@...





Re: CNCF Code of Conduct Community of Practice?

Brandon Lum
 

+1!!!! For TAG security, we had added additional practice guidelines, as a start. So, it would definitely help if we had a forum or committee for this discussion!


On Tue, May 17, 2022 at 2:20 PM Chris Short via lists.cncf.io <cbshort=amazon.com@...> wrote:
HUGE +1 to this.

Chris Short
He/Him/His
Sr. Developer Advocate, AWS Kubernetes (GitOps)
TZ=America/Detroit

On May 17, 2022, at 13:19, Stephen Augustus (augustus) via lists.cncf.io <augustus=cisco.com@...> wrote:





This is a wonderful idea, Paris. +1!

---


Stephen Augustus (he/him)

Head of Open Source

augustus@...


My working hours may not be your working hours.

Please do not feel obligated to reply outside of your normal work schedule.







Re: CNCF Code of Conduct Community of Practice?

Chris Short
 

HUGE +1 to this.

Chris Short
He/Him/His
Sr. Developer Advocate, AWS Kubernetes (GitOps)
TZ=America/Detroit

On May 17, 2022, at 13:19, Stephen Augustus (augustus) via lists.cncf.io <augustus=cisco.com@...> wrote:





This is a wonderful idea, Paris. +1!

---


Stephen Augustus (he/him)

Head of Open Source

augustus@...


My working hours may not be your working hours.

Please do not feel obligated to reply outside of your normal work schedule.







Re: CNCF Code of Conduct Community of Practice?

Stephen Augustus (augustus)
 

This is a wonderful idea, Paris. +1!

---


Stephen Augustus (he/him)

Head of Open Source

augustus@...


My working hours may not be your working hours.

Please do not feel obligated to reply outside of your normal work schedule.







CNCF Code of Conduct Community of Practice?

Paris Pittman
 

Hi TOC and community,


 I believe we are at a point where a CNCF code of conduct community of practice will serve us well. I sat on the first Kubernetes Code of Conduct committee and many of the below ideas stemmed from my experiences there. Whether this is a body, community of practice, incident management team, etc is all up for discussion.


Would it be possible to put this on the next TOC agenda? If folks are interested in this work and at KubeCon, give a shout; even if you’re virtual, I’m hanging on CNCF Slack. 


-paris 


To help get the ball rolling for discussion, here are some rough ideas:

https://github.com/cncf/foundation/blob/main/charter.md#13-code-of-conduct


Purpose

Create a community of practice around code of conduct matters at the CNCF Community level. This community of practice could be bootstrapped by an independent committee, a working group of TAG Contributor Strategy, or another organizational design that TOC thinks would position this group for success with the ultimate goal of an independent body. This doc is not intended to be implementation details but the establishment of such a community.

Goals

  • community members creating policy and carrying out enforcement
  • creating a safe space for reporters
  • Focus on mediation rather than litigation. goals of having a community member/body take reports vs CNCF staff and lawyers. 
  • cncf community members, project contributors, toc, ambassadors, and cncf staff would have this as a resource
  • build trust via community involvement and transparency reporting 

NonGoals

  • require changes to projects that already have defined code of conduct systems in place that aren’t LF support; eg Kubernetes Code of Conduct Committee

Knowns

  • Kubernetes has a code of conduct committee. It was created independently due to scale, our values, and desire for a community run program. https://github.com/kubernetes/community/blob/master/committee-code-of-conduct/bootstrapping-process.md
  • OpenTelemetry’s GC acts as a CoCC.
  • All other projects, which are governed by CNCF staff, go to Chris A or Priyanka as first step
  • CNCF Staff consults with lawyers to enforce their code of conduct; this is seen as a power differential in the community; “a business approach”
  • Most CoC language on LF sites are geared towards events and not other situations or related conduct matters
  • There have been issues in the past with community members confused on where to file issues, who enforces, and where/when at cloud native related events. Example: If it's “kubecon” does that mean conduct@...?

Responsibilities and Composition

  • Nominations from TOC and community; TOC shortlist for qualifications; community votes
  • everyone gets training
  • initial group bootstraps the function
    • build out policies and procedures that fit with the ecosystem
    • create roles and teams
    • create a charter

Opportunities

  • Allows CNCF staff to focus on project operations and membership vs mediating community challenges and incidents. Instead puts mediation and enforcement into the community. 
  • focus on mediation vs litigation.
  • incident management and transparency reporting //build out an incident management team
  • projects can plug into this with better incident reporting structures than contact someone an attorney at Linux Foundation
  • projects can have liaison reps which can then feed into staffing for incident response groups

Next Steps

  • Discuss at a TOC meeting
  • Bring in current and emeritus Kubernetes CoCC to help formulate and bootstrap discussions
  • Bring in project maintainers from CNCF projects; possibly create a special Maintainers Circle for this topic

Open Questions

  • We would need this to be an independent body. Where would that sit?
  • can an overarching committee have sufficient visibility into project-specific context to offer quality outcomes around restoration after an incident?
  • Does a CoC action taken in one project affect a contributor’s ability to participate in other CNCF projects?
  • Escalation path for events?
  • Liability coverage for Committee decisions



[cncf-tag-security] RFC Cloud Native Serverless Security Whitepaper

Chris Aniszczyk
 

FYI

---------- Forwarded message ---------
From: Brandon Lum <lumjjb@...>
Date: Tue, May 17, 2022 at 11:50 AM
Subject: [cncf-tag-security] RFC Cloud Native Serverless Security Whitepaper
To: <cncf-tag-security@...>


Security Enthusiasts!

CNCF Security Tag is looking to embark on another tech security adventure! The community has come together to create a Cloud Native Serverless Security Whitepaper. We'd like some help.

We want you!

This is where you (yes you!) come in. We're looking for community members and colleagues to help review and add comments on the whitepaper, tracked under issue 546, so that we can provide the cloud native community with guidance on cloud native serverless security! We hope you can join us on this significant contribution opportunity. RFC will be open till May 31st 2022.

Ready to dive in?

Review and add your comments on the whitepaper and join the #tag-security-serverless-whitepaper Slack channel!


Cheers

R. Racoon



--
Chris Aniszczyk (@cra)


Piraeus-Datastore-2022-Annual Review

Moritz Wanzenböck <moritz.wanzenboeck@...>
 

Hi TOC,

We from Piraeus-Datastore finally managed to put together our very
first annual review:

https://github.com/cncf/toc/pull/839

Thanks,
Moritz


Re: LFX Mentorship '22 Summer Semester

Oleg Nenashev
 

Hello,

Just discovered this thread, sadly we somehow missed the original message in the community. Would it make sense to extend the deadlines beyond May 19th? There're pending decisions in Google Summer of Code, and some projects (including ours) do not know which projects will be accepted. Usually mentoring orgs get less slots than they have proposals, so they may use LFX Mentorship as an opportunity to run feasible projects that they were unable to accept to GSoC. This year the organizations will know which projects were accepted only on May 19.

Best regards,
Oleg Nenashev
Keptn

On Wed, May 4, 2022 at 11:20 PM Nate Waddington <nwaddington@...> wrote:
Hello everyone!

Just a reminder that the cutoff for making project proposals is May 8th!

This is a great opportunity to have a paid mentee help with your projects.



Cheers,
Nate

On Apr 25, 2022, at 5:31 PM, Nate Waddington <nwaddington@...> wrote:

Hello everyone!

The LFX Mentorship '22 Summer semester is now open for project ideas: https://github.com/cncf/mentoring/tree/main/lfx-mentorship/2022/02-Summer 

We have compressed the administration schedule to work around the LF All hands and KubeCon events this year. The semester is the same length as it has been in previous years.

Project submission and application timeline:
  • mentorships available on LFX Mentorship: May 8th, 2021
  • applications open: May 9th - May 24th (2 weeks)
  • application review/admission decisions/HR paperwork: May 25th - May 31st

We're looking forward to seeing all the project ideas you're interested in working on over the summer!


Cheers,
Nate


Re: [RESULT] WG Environmental Conservation/Sustainability approved

Koerbaecher Max
 

Thank you very much for all of your support and votes for this Working Group!

We started shaping the WG, therefore I want to give you a last update (for now) on this mailing list.
Please subscribe to our mailing list if you want to be included in discussion and updates: https://lists.cncf.io/g/cncf-wg-env-sustainability/
You can also find us at the CNCF slack: https://cloud-native.slack.com/archives/C03F270PDU6

Last but not least, we are looking for a suitable time slot for setting up a regular meeting: https://doodle.com/meeting/participate/id/dL9yKBXe

Again, thank you and I’m very excited to get the things rolling!

Max



On 10.05.2022 at 20:31, Amye Scavarda Perrin <ascavarda@...> wrote:

The vote establishing a working group for Environmental Conservation/Sustainability has been approved by a majority of the TOC - https://lists.cncf.io/g/cncf-toc/message/6862
8/10
Davanum Srinivas: https://lists.cncf.io/g/cncf-toc/message/6877
Erin Boyd: https://lists.cncf.io/g/cncf-toc/message/6881
Dave Zolotusky: https://lists.cncf.io/g/cncf-toc/message/6887
Katie Gamanji: https://lists.cncf.io/g/cncf-toc/message/6893
Ricardo Rocha: https://lists.cncf.io/g/cncf-toc/message/6901
Emily Fox: https://lists.cncf.io/g/cncf-toc/message/6902
Richard Hartmann: https://lists.cncf.io/g/cncf-toc/message/6910
Matt Farina: https://lists.cncf.io/g/cncf-toc/message/6948

+1 NB:
Libby Meren: https://lists.cncf.io/g/cncf-toc/message/6865
Jim St. Leger: https://lists.cncf.io/g/cncf-toc/message/6866
Michel Murabito: https://lists.cncf.io/g/cncf-toc/message/6867
Herve LeClerc: https://lists.cncf.io/g/cncf-toc/message/6868
Wojtek Cichoń: https://lists.cncf.io/g/cncf-toc/message/6869
Max Körbächer: https://lists.cncf.io/g/cncf-toc/message/6870
Dawn Foster: https://lists.cncf.io/g/cncf-toc/message/6871
Erik Riedel: https://lists.cncf.io/g/cncf-toc/message/6872
Alex Jones: https://lists.cncf.io/g/cncf-toc/message/6873
Alexis Richardson: https://lists.cncf.io/g/cncf-toc/message/6874
Huamin Chen: https://lists.cncf.io/g/cncf-toc/message/6875
Liz Rice: https://lists.cncf.io/g/cncf-toc/message/6876
Philippe Robin: https://lists.cncf.io/g/cncf-toc/message/6878
Chris Short: https://lists.cncf.io/g/cncf-toc/message/6879
Parul Singh: https://lists.cncf.io/g/cncf-toc/message/6880
Scott Rigby: https://lists.cncf.io/g/cncf-toc/message/6882
Max Jonas Werner: https://lists.cncf.io/g/cncf-toc/message/6883
Cdelia: https://lists.cncf.io/g/cncf-toc/message/6884
Joel Birchler: https://lists.cncf.io/g/cncf-toc/message/6885
R.Levensalor: https://lists.cncf.io/g/cncf-toc/message/6886
Cathy Zhang: https://lists.cncf.io/g/cncf-toc/message/6888
Randy Abernathy: https://lists.cncf.io/g/cncf-toc/message/6889
Scott Reeley: https://lists.cncf.io/g/cncf-toc/message/6890
Divya Mohan: https://lists.cncf.io/g/cncf-toc/message/6894
Jaime Magiera: https://lists.cncf.io/g/cncf-toc/message/6897
Daniel Holbach: https://lists.cncf.io/g/cncf-toc/message/6899
Daniel Helfand: https://lists.cncf.io/g/cncf-toc/message/6900
Oleg Nenashev: https://lists.cncf.io/g/cncf-toc/message/6903
Alolita Sharma: https://lists.cncf.io/g/cncf-toc/message/6904
Alois Reitbauer: https://lists.cncf.io/g/cncf-toc/message/6907
Niki Manoledaki: https://lists.cncf.io/g/cncf-toc/message/6908
Gergely Brautigam: https://lists.cncf.io/g/cncf-toc/message/6909
Debra Bernstein: https://lists.cncf.io/g/cncf-toc/message/6912
Maulik Shyani: https://lists.cncf.io/g/cncf-toc/message/6913
Melissa Evers: https://lists.cncf.io/g/cncf-toc/message/6917
Aparna Subramanian: https://lists.cncf.io/g/cncf-toc/message/6918
Alena Prokharchyk: https://lists.cncf.io/g/cncf-toc/message/6923
Toni Menzel: https://lists.cncf.io/g/cncf-toc/message/6924
Claprun: https://lists.cncf.io/g/cncf-toc/message/6939
Stephen Augustus: https://lists.cncf.io/g/cncf-toc/message/6940
Rey Lejano: https://lists.cncf.io/g/cncf-toc/message/6941
Olivier Sagory: https://lists.cncf.io/g/cncf-toc/message/6942

--
Amye Scavarda Perrin | Director of Developer Programs, CNCF | amye@...



Liquid Reply GmbH
Sitz/Registered Office: Gütersloh
Handelsregister/Register of Companies: Amtsgericht Gütersloh, HRB 11915
Geschäftsführer/Managing Directors: Dr. Thomas Hartmann, Tomislav Zorc


Re: [VOTE] WG Environmental Conservation/Sustainability

Srinath Perera
 

+1, NB

On Tue, May 3, 2022 at 3:11 AM Matt Farina <matt@...> wrote:
+1 binding

On Tue, Apr 26, 2022, at 6:11 PM, Amye Scavarda Perrin wrote:
This is the official vote for the Environmental Conservation/Sustainability Working Group. 


Please vote (+1/0/-1) by replying to this thread.

Remember that the TOC has binding votes only, but we do appreciate non-binding votes from the community as a sign of support! 

--
Amye Scavarda Perrin | Director of Developer Programs, CNCF | amye@...



--
============================
Srinath Perera, Ph.D.


Re: CubeFS (formerly ChubaoFS) Incubation Proposal - Public Comment

Srinath Perera
 

+1 NB

On Fri, Apr 8, 2022 at 6:36 PM YhJIANG <yhjiango@...> wrote:
+1 NB



--
============================
Srinath Perera, Ph.D.


k8gb-2022-Annual Review

Jiri Kremser <jiri.kremser@...>
 

Hello *,
we have finally managed to complete the annual review for k8gb. The pull request is waiting for the review here:


It's our very first annual review so hopefully we have everything ok.

Thank you,
jk


Re: Keptn Incubation Proposal - Public Comment

Amye Scavarda Perrin
 

Public comment is extended through May 25th due to KubeCon, the vote will open then.

On Wed, Apr 20, 2022 at 11:36 AM Lei Zhang <resouer@...> wrote:
Hi all,

We are opening the public comment period for the proposal of Keptn to progress at the CNCF as an Incubating project.


Feel free to comment on the above doc or raise related discussion.

Other information:

Thanks,

Lei Zhang (Harry)



--
Amye Scavarda Perrin | Director of Developer Programs, CNCF | amye@...


[RESULT] WG Environmental Conservation/Sustainability approved

Amye Scavarda Perrin
 

The vote establishing a working group for Environmental Conservation/Sustainability has been approved by a majority of the TOC - https://lists.cncf.io/g/cncf-toc/message/6862
8/10
Davanum Srinivas: https://lists.cncf.io/g/cncf-toc/message/6877
Erin Boyd: https://lists.cncf.io/g/cncf-toc/message/6881
Dave Zolotusky: https://lists.cncf.io/g/cncf-toc/message/6887
Katie Gamanji: https://lists.cncf.io/g/cncf-toc/message/6893
Ricardo Rocha: https://lists.cncf.io/g/cncf-toc/message/6901
Emily Fox: https://lists.cncf.io/g/cncf-toc/message/6902
Richard Hartmann: https://lists.cncf.io/g/cncf-toc/message/6910
Matt Farina: https://lists.cncf.io/g/cncf-toc/message/6948

+1 NB:
Libby Meren: https://lists.cncf.io/g/cncf-toc/message/6865
Jim St. Leger: https://lists.cncf.io/g/cncf-toc/message/6866
Michel Murabito: https://lists.cncf.io/g/cncf-toc/message/6867
Herve LeClerc: https://lists.cncf.io/g/cncf-toc/message/6868
Wojtek Cichoń: https://lists.cncf.io/g/cncf-toc/message/6869
Max Körbächer: https://lists.cncf.io/g/cncf-toc/message/6870
Dawn Foster: https://lists.cncf.io/g/cncf-toc/message/6871
Erik Riedel: https://lists.cncf.io/g/cncf-toc/message/6872
Alex Jones: https://lists.cncf.io/g/cncf-toc/message/6873
Alexis Richardson: https://lists.cncf.io/g/cncf-toc/message/6874
Huamin Chen: https://lists.cncf.io/g/cncf-toc/message/6875
Liz Rice: https://lists.cncf.io/g/cncf-toc/message/6876
Philippe Robin: https://lists.cncf.io/g/cncf-toc/message/6878
Chris Short: https://lists.cncf.io/g/cncf-toc/message/6879
Parul Singh: https://lists.cncf.io/g/cncf-toc/message/6880
Scott Rigby: https://lists.cncf.io/g/cncf-toc/message/6882
Max Jonas Werner: https://lists.cncf.io/g/cncf-toc/message/6883
Cdelia: https://lists.cncf.io/g/cncf-toc/message/6884
Joel Birchler: https://lists.cncf.io/g/cncf-toc/message/6885
R.Levensalor: https://lists.cncf.io/g/cncf-toc/message/6886
Cathy Zhang: https://lists.cncf.io/g/cncf-toc/message/6888
Randy Abernathy: https://lists.cncf.io/g/cncf-toc/message/6889
Scott Reeley: https://lists.cncf.io/g/cncf-toc/message/6890
Divya Mohan: https://lists.cncf.io/g/cncf-toc/message/6894
Jaime Magiera: https://lists.cncf.io/g/cncf-toc/message/6897
Daniel Holbach: https://lists.cncf.io/g/cncf-toc/message/6899
Daniel Helfand: https://lists.cncf.io/g/cncf-toc/message/6900
Oleg Nenashev: https://lists.cncf.io/g/cncf-toc/message/6903
Alolita Sharma: https://lists.cncf.io/g/cncf-toc/message/6904
Alois Reitbauer: https://lists.cncf.io/g/cncf-toc/message/6907
Niki Manoledaki: https://lists.cncf.io/g/cncf-toc/message/6908
Gergely Brautigam: https://lists.cncf.io/g/cncf-toc/message/6909
Debra Bernstein: https://lists.cncf.io/g/cncf-toc/message/6912
Maulik Shyani: https://lists.cncf.io/g/cncf-toc/message/6913
Melissa Evers: https://lists.cncf.io/g/cncf-toc/message/6917
Aparna Subramanian: https://lists.cncf.io/g/cncf-toc/message/6918
Alena Prokharchyk: https://lists.cncf.io/g/cncf-toc/message/6923
Toni Menzel: https://lists.cncf.io/g/cncf-toc/message/6924
Claprun: https://lists.cncf.io/g/cncf-toc/message/6939
Stephen Augustus: https://lists.cncf.io/g/cncf-toc/message/6940
Rey Lejano: https://lists.cncf.io/g/cncf-toc/message/6941
Olivier Sagory: https://lists.cncf.io/g/cncf-toc/message/6942

--
Amye Scavarda Perrin | Director of Developer Programs, CNCF | amye@...


Re: TAG Security Technical Lead Nominations

Emily Fox
 

+1B. Excellent individuals with impactful contributions!


Special Election for GB Appointed Seat

Amye Scavarda Perrin
 

Cornelia Davis has stepped down from the TOC, we thank her very much for her work! 

We'll be running a special election for that seat, seating July 1st. Nominations are open to the Governing Board at this time.

Timeline: 
Nominations: May 9 through June 7
Qualification period: June 7 - June 21
Vote opens: June 21
Vote closes: June 28
Term begins: July 1 

If you'd like to be nominated, speak with one of the Governing Board members and have them nominate you, one nomination is available per member. 

--
Amye Scavarda Perrin | Director of Developer Programs, CNCF | amye@...


Re: TAG Security Technical Lead Nominations

Andrés Vega
 

+1 NB. 

I've had the pleasure to work hand in hand with Marina, Michael, and Ragashree on several projects across the different areas of focus for the Security TAG. The three of them are exceptionally talented and possess a great deal of security expertise. They are innate leaders who are making an impact contributing in more ways than one; maintaining software, creating content, and building community.

 aV

On Thu, May 5, 2022 at 8:15 PM Brandon Lum <lumjjb@...> wrote:
Hi TOC,

The TAG Security Co-chairs would like to nominate Ragashree, Michael Lieberman, and Marina Moore as Technical Leads of TAG Security!

They have been awesome members of the community contributing across many different efforts, we look forward to working with them to further expand the community! Below are their nominations, which is a fraction of all the awesomeness they've done for the community.

Cheers
TAG-Security Co-Chairs

—----------------------------------------------------------------------------------------------------------------------

Nominee: Ragashree 

Github: @ragashreeshekar

Title: Cloud Security Specialist

Professional Affiliation: Nokia


Leadership/participation with TAG-Security:


  • Project Lead: TAG Security Community Manager (#692)

  • Project Lead: Cloud Native Security Lexicon (#735)

  • Project Co-lead Security Con EU 2022 (#811)

  • [Governance] Contributions to communication templates (#670)



Bio:


2021 Nokia Ada Lovelace Honoree, Ragashree M C is a Cloud Security enthusiast with 3+ years industry experience in the domain. She is an active member of several open source security forums such as OWASP, CNCF, CSA etc. She is passionate about all things STEM & security - information science, animal welfare & so on!


—----------------------------------------------------------------------------------------------------------------------


Nominee: Michael Lieberman

Github: @mlieberman85

Title: Supply Chain Security Engineer

Professional Affiliation: Citi


Other community affiliations:

  • Co-Chair, CNCF Financial Services User Group

  • Technical Advisory Committee, SLSA (OpenSSF)


Leadership/participation with TAG-Security:

  • Project Lead: Secure Software Factory Reference Architecture Paper (#679)

  • Contributions to Supply Chain Security Best Practices Paper (#510)

  • Contributions to Security Controls Mapping (#635)


Bio:


Michael Lieberman is an engineer and architect focused on technology transformation especially with regards to cloud native architectures, technologies and migrations. His passion is in applying his expertise to use cases where privacy and security are paramount. Most recently he has been focused on work within the software supply chain security space. He is co-chair of the CNCF Financial Services User Group, SLSA steering committee member, and recently co-led the Secure Software Factory Reference Architecture for the Security Technical Advisory Group. Michael has also participated in multiple podcasts, panels and talks on behalf of the FSUG, the companies he’s worked for and on behalf of himself as an individual contributor in the tech community.


—----------------------------------------------------------------------------------------------------------------------


Nominee: Marina Moore 

Github: @mnm678

Title: PhD candidate, NYU Tandon’s Secure Systems Lab

Professional Affiliation: NYU, GoDaddy.com


Other community affiliations:

  • Maintainer, The Update Framework

  • Maintainer, Uptane (TUF variant)


Leadership/participation with TAG-Security:

  • Contributions to Supply Chain Security Best Practices Paper (#510)

  • Contributions to Secure Software Factory Reference Architecture Paper (#679)

  • Contributions to Cloud Native Security Whitepaper v2 (#844)



Bio:


Marina Moore is a PhD candidate at NYU Tandon’s Secure Systems Lab focusing on secure software updates and software supply chain security. She is a maintainer of The Update Framework (TUF), a CNCF graduated project, as well as Uptane, the automotive variant of TUF. She contributed to the updated TAG Security Whitepaper and has been actively involved in the supply chain security group, including contributing to the Software Supply Chain Security Best Practices paper. She has presented at the CNCF Security Day at both KubeCon NA and Europe.


—----------------------------------------------------------------------------------------------------------------------

