+1 imo a graduated project should have some documented backward compatibility guarantees and semantic versioning helps denote this. It has been a best practice on all the projects I've worked on. I'd

Hi folks, Someone I spoke with today said something along the lines “if <this project> is stable, why is it still at v0.something?” and that got me thinking - does it make any sense to expect

RESULT: SIG Security Tech Leads: https://lists.cncf.io/g/cncf-toc/message/5558 7/10 - passes! Liz Rice: https://lists.cncf.io/g/cncf-toc/message/5564 Justin Cormack:

+1 NB Best Regards, Magno Logan @magnologan

Ah, ok. Sorry, my mistake!

+1 binding

It wasn't in the sandbox, they went straight for incubation: https://github.com/datawire/ambassador I know it can be confusing as they were originally considered a sandbox contribution but decided to

+1 binding

This question is probably six months too late, but didn't CNCF own the Ambasaador trademark (since the project joined Sandbox)?

Personally I disagree that this is akin to asking for a license change. The name is an intrinsic part of the project. It is the primary key for the community. This feels more like accepting a fork

> if the TOC is saying "choose another name than IC4EP or something else that wouldn't confuse end users" before we accept the project fully then the project can do that in parallel as we onboard it

I don't think we have to fully pause everything but it's up to the TOC here, if the TOC is saying "choose another name than IC4EP or something else that wouldn't confuse end users" before we accept

OK then IMO we have to pause this for a bit. Can we finalize the name, get it fully done, and then re-submit the DD with the new name, website, etc. clearly in place?

The problem is the company rebranded to Ambassador also here: https://www.getambassador.io, so the project needs to be renamed to deal with the obvious trademark conflict here. The CNCF is open to

Also, to be clear, I think Ambassador is a big part of the OSS brand and I had erroneously thought that we were sticking with that name. If we are going to change the name to something entirely new it

I'm sorry for not tracking this more closely, but I agree with Joe on this. I'm not OK with an acronym for something that IMO is too generic. I think you either have to stick with Ambassador or choose

IC4E only begs the question about what it stands for. It also doesn't set the project up, IMO, for success as the more memorable name will be with the commercial entity and it could stunt the

Hi Joe, Matt, many thanks for your comments. @Matt, I remember you raising this in the DD document comments, and @Chris Aniszczyk suggested this would be acceptable under the

That's a very insightful report! Would be great to see more CNCF projects using fuzzing integration to simplify vulnerability scanning and bug fixing.

+1 NB Thank you Ashutosh Narkar, Aradhana Chetal and Andres Vega for all the hard work advancing SIG-Security. Dan Shaw @dshaw Cor.dev - Solving Solved Problems 💗