Sorry folks, I've got a conflict for tomorrow's TOC meeting, and I will have to skip this one Liz

I think that's the heart of the confusion / expectation that I'm seeing. (Or even more precisely that anything under v1.0 is seen by many as not production-ready.) Ack that not every project sees it

if CNCF wants to help, then publish some guidelines. Or, people will just do their own thing.

Let's face it. Most uses of x.y.z aren't SemVer and most people haven't read the spec :) I think something about graduated projects having a documented policy around versioning is probably

+1 nb 💜 Kind Regards, Bartek Płotka (@bwplotka)

+1 binding Justin

I agree that it should be about setting the bar for the release management, API backwards compatibility, clearly defined versioning scheme and communications around it in Gradulation requirements.

I think there is some nuance in here but it's worth discussing. For example, if a project is using SemVer there are a couple parts of the spec that come to mind... If a project doesn't have a 1.0.0

IMO, everyone's using version numbers in different ways now. For example many projects go to 1.0 once they are feature complete, and hit production way before that. I think insisting on 1.0 for

I'm not convinced that in people's minds, or practically, v1.0 and Graduated mean similar things. As a concrete example, Kubernetes went to v 1.0 several years before it graduated. In my mind,

+1 imo a graduated project should have some documented backward compatibility guarantees and semantic versioning helps denote this. It has been a best practice on all the projects I've worked on. I'd

Hi folks, Someone I spoke with today said something along the lines “if <this project> is stable, why is it still at v0.something?” and that got me thinking - does it make any sense to expect

RESULT: SIG Security Tech Leads: https://lists.cncf.io/g/cncf-toc/message/5558 7/10 - passes! Liz Rice: https://lists.cncf.io/g/cncf-toc/message/5564 Justin Cormack:

+1 NB Best Regards, Magno Logan @magnologan

Ah, ok. Sorry, my mistake!

+1 binding

It wasn't in the sandbox, they went straight for incubation: https://github.com/datawire/ambassador I know it can be confusing as they were originally considered a sandbox contribution but decided to

+1 binding

This question is probably six months too late, but didn't CNCF own the Ambasaador trademark (since the project joined Sandbox)?

Personally I disagree that this is akin to asking for a license change. The name is an intrinsic part of the project. It is the primary key for the community. This feels more like accepting a fork