Date   

[RESULT] WG Environmental Conservation/Sustainability approved

Amye Scavarda Perrin
 

The vote establishing a working group for Environmental Conservation/Sustainability has been approved by a majority of the TOC - https://lists.cncf.io/g/cncf-toc/message/6862
8/10
Davanum Srinivas: https://lists.cncf.io/g/cncf-toc/message/6877
Erin Boyd: https://lists.cncf.io/g/cncf-toc/message/6881
Dave Zolotusky: https://lists.cncf.io/g/cncf-toc/message/6887
Katie Gamanji: https://lists.cncf.io/g/cncf-toc/message/6893
Ricardo Rocha: https://lists.cncf.io/g/cncf-toc/message/6901
Emily Fox: https://lists.cncf.io/g/cncf-toc/message/6902
Richard Hartmann: https://lists.cncf.io/g/cncf-toc/message/6910
Matt Farina: https://lists.cncf.io/g/cncf-toc/message/6948

+1 NB:
Libby Meren: https://lists.cncf.io/g/cncf-toc/message/6865
Jim St. Leger: https://lists.cncf.io/g/cncf-toc/message/6866
Michel Murabito: https://lists.cncf.io/g/cncf-toc/message/6867
Herve LeClerc: https://lists.cncf.io/g/cncf-toc/message/6868
Wojtek Cichoń: https://lists.cncf.io/g/cncf-toc/message/6869
Max Körbächer: https://lists.cncf.io/g/cncf-toc/message/6870
Dawn Foster: https://lists.cncf.io/g/cncf-toc/message/6871
Erik Riedel: https://lists.cncf.io/g/cncf-toc/message/6872
Alex Jones: https://lists.cncf.io/g/cncf-toc/message/6873
Alexis Richardson: https://lists.cncf.io/g/cncf-toc/message/6874
Huamin Chen: https://lists.cncf.io/g/cncf-toc/message/6875
Liz Rice: https://lists.cncf.io/g/cncf-toc/message/6876
Philippe Robin: https://lists.cncf.io/g/cncf-toc/message/6878
Chris Short: https://lists.cncf.io/g/cncf-toc/message/6879
Parul Singh: https://lists.cncf.io/g/cncf-toc/message/6880
Scott Rigby: https://lists.cncf.io/g/cncf-toc/message/6882
Max Jonas Werner: https://lists.cncf.io/g/cncf-toc/message/6883
Cdelia: https://lists.cncf.io/g/cncf-toc/message/6884
Joel Birchler: https://lists.cncf.io/g/cncf-toc/message/6885
R.Levensalor: https://lists.cncf.io/g/cncf-toc/message/6886
Cathy Zhang: https://lists.cncf.io/g/cncf-toc/message/6888
Randy Abernathy: https://lists.cncf.io/g/cncf-toc/message/6889
Scott Reeley: https://lists.cncf.io/g/cncf-toc/message/6890
Divya Mohan: https://lists.cncf.io/g/cncf-toc/message/6894
Jaime Magiera: https://lists.cncf.io/g/cncf-toc/message/6897
Daniel Holbach: https://lists.cncf.io/g/cncf-toc/message/6899
Daniel Helfand: https://lists.cncf.io/g/cncf-toc/message/6900
Oleg Nenashev: https://lists.cncf.io/g/cncf-toc/message/6903
Alolita Sharma: https://lists.cncf.io/g/cncf-toc/message/6904
Alois Reitbauer: https://lists.cncf.io/g/cncf-toc/message/6907
Niki Manoledaki: https://lists.cncf.io/g/cncf-toc/message/6908
Gergely Brautigam: https://lists.cncf.io/g/cncf-toc/message/6909
Debra Bernstein: https://lists.cncf.io/g/cncf-toc/message/6912
Maulik Shyani: https://lists.cncf.io/g/cncf-toc/message/6913
Melissa Evers: https://lists.cncf.io/g/cncf-toc/message/6917
Aparna Subramanian: https://lists.cncf.io/g/cncf-toc/message/6918
Alena Prokharchyk: https://lists.cncf.io/g/cncf-toc/message/6923
Toni Menzel: https://lists.cncf.io/g/cncf-toc/message/6924
Claprun: https://lists.cncf.io/g/cncf-toc/message/6939
Stephen Augustus: https://lists.cncf.io/g/cncf-toc/message/6940
Rey Lejano: https://lists.cncf.io/g/cncf-toc/message/6941
Olivier Sagory: https://lists.cncf.io/g/cncf-toc/message/6942

--
Amye Scavarda Perrin | Director of Developer Programs, CNCF | amye@...


Re: TAG Security Technical Lead Nominations

Emily Fox
 

+1B. Excellent individuals with impactful contributions!


Special Election for GB Appointed Seat

Amye Scavarda Perrin
 

Cornelia Davis has stepped down from the TOC, we thank her very much for her work! 

We'll be running a special election for that seat, seating July 1st. Nominations are open to the Governing Board at this time.

Timeline: 
Nominations: May 9 through June 7
Qualification period: June 7 - June 21
Vote opens: June 21
Vote closes: June 28
Term begins: July 1 

If you'd like to be nominated, speak with one of the Governing Board members and have them nominate you, one nomination is available per member. 

--
Amye Scavarda Perrin | Director of Developer Programs, CNCF | amye@...


Re: TAG Security Technical Lead Nominations

Andrés Vega
 

+1 NB. 

I've had the pleasure to work hand in hand with Marina, Michael, and Ragashree on several projects across the different areas of focus for the Security TAG. The three of them are exceptionally talented and possess a great deal of security expertise. They are innate leaders who are making an impact contributing in more ways than one; maintaining software, creating content, and building community.

 aV

On Thu, May 5, 2022 at 8:15 PM Brandon Lum <lumjjb@...> wrote:
Hi TOC,

The TAG Security Co-chairs would like to nominate Ragashree, Michael Lieberman, and Marina Moore as Technical Leads of TAG Security!

They have been awesome members of the community contributing across many different efforts, we look forward to working with them to further expand the community! Below are their nominations, which is a fraction of all the awesomeness they've done for the community.

Cheers
TAG-Security Co-Chairs

—----------------------------------------------------------------------------------------------------------------------

Nominee: Ragashree 

Github: @ragashreeshekar

Title: Cloud Security Specialist

Professional Affiliation: Nokia


Leadership/participation with TAG-Security:


  • Project Lead: TAG Security Community Manager (#692)

  • Project Lead: Cloud Native Security Lexicon (#735)

  • Project Co-lead Security Con EU 2022 (#811)

  • [Governance] Contributions to communication templates (#670)



Bio:


2021 Nokia Ada Lovelace Honoree, Ragashree M C is a Cloud Security enthusiast with 3+ years industry experience in the domain. She is an active member of several open source security forums such as OWASP, CNCF, CSA etc. She is passionate about all things STEM & security - information science, animal welfare & so on!


—----------------------------------------------------------------------------------------------------------------------


Nominee: Michael Lieberman

Github: @mlieberman85

Title: Supply Chain Security Engineer

Professional Affiliation: Citi


Other community affiliations:

  • Co-Chair, CNCF Financial Services User Group

  • Technical Advisory Committee, SLSA (OpenSSF)


Leadership/participation with TAG-Security:

  • Project Lead: Secure Software Factory Reference Architecture Paper (#679)

  • Contributions to Supply Chain Security Best Practices Paper (#510)

  • Contributions to Security Controls Mapping (#635)


Bio:


Michael Lieberman is an engineer and architect focused on technology transformation especially with regards to cloud native architectures, technologies and migrations. His passion is in applying his expertise to use cases where privacy and security are paramount. Most recently he has been focused on work within the software supply chain security space. He is co-chair of the CNCF Financial Services User Group, SLSA steering committee member, and recently co-lead the Secure Software Factory Reference Architecture for the Security Technical Advisory Group. Michael has also participated in multiple podcasts, panels and talks on behalf of the FSUG, the companies he’s worked for and on behalf of himself as an individual contributor in the tech community.


—----------------------------------------------------------------------------------------------------------------------


Nominee: Marina Moore 

Github: @mnm678

Title: PhD candidate, NYU Tandon’s Secure Systems Lab

Professional Affiliation: NYU, GoDaddy.com


Other community affiliations:

  • Maintainer, The Update Framework

  • Maintainer, Uptane (TUF variant)


Leadership/participation with TAG-Security:

  • Contributions to Supply Chain Security Best Practices Paper (#510)

  • Contributions to Secure Software Factory Reference Architecture Paper (#679)

  • Contributions to Cloud Native Security Whitepaper v2 (#844)



Bio:


Marina Moore is a PhD candidate at NYU Tandon’s Secure Systems Lab focusing on secure software updates and software supply chain security. She is a maintainer of The Update Framework (TUF), a CNCF graduated project, as well as Uptane, the automotive variant of TUF. She contributed to the updated TAG Security Whitepaper and has been actively involved in the supply chain security group, including contributing to the Software Supply Chain Security Best Practices paper. She has presented at the CNCF Security Day at both KubeCon NA and Europe.


—----------------------------------------------------------------------------------------------------------------------



Re: Kyverno incubation public comment period

Amye Scavarda Perrin
 

Public comment is extended through May 25th due to KubeCon, the vote will open then.


On Tue, Apr 26, 2022 at 4:26 AM Davanum Srinivas <davanum@...> wrote:
Hi Folks,

Kyverno has applied to move from sandbox to incubation. As the TOC sponsor, thanks to everyone for their work.

PR: https://github.com/cncf/toc/pull/784
DD: https://docs.google.com/document/d/18dWgOd2MUQz3RXI1R9vKntL3ULyZhOD1HEtijGOeaWg/edit?usp=sharing

Everyone is welcome to comment in the document, on the PR, or in reply to this thread, before we move to a TOC vote. This period of public comment will last a minimum of two weeks.

Thanks,
Dims
--
Davanum Srinivas :: https://twitter.com/dims



--
Amye Scavarda Perrin | Director of Developer Programs, CNCF | amye@...


Re: Sandbox process needs to evolve to support cross industry collaboation

Reitbauer, Alois
 

+1

 

From: cncf-toc@... <cncf-toc@...> on behalf of alexis richardson via lists.cncf.io <alexis=weave.works@...>
Date: Thursday, 5. May 2022 at 18:30
To: Liz Rice <liz@...>
Cc: Alexis Richardson via cncf-toc <cncf-toc@...>, Bob Killen <killen.bob@...>, Richard Hartmann <richih@...>
Subject: Re: [cncf-toc] Sandbox process needs to evolve to support cross industry collaboation

CAUTION: This email originated from outside of Dynatrace. Do not click links or open attachments unless you recognize the sender and know the content is safe.

Remember, the point of cncf is not to create ways for committees to sit in judgment over projects.  It is to make great projects that enable end user success.  That is all.

 

 

On Thu, 5 May 2022, 17:19 Liz Rice, <liz@...> wrote:

Four levels would increase the total work required to assess a project through their life cycle. There might be good reasons to do it, but I don't see that it would solve the initial problem raised on this thread: speeding up the response to the first application at the earliest stage. 

 

The original point of Sandbox was to enable a neutral place for experimentation, for projects that wouldn't meet incubation criteria. A project only needs neutrality if and when there's more than one organisation keen to get involved; that's why I'm suggesting that could be the criteria for Sandbox inclusion. I'm further suggesting those organizations should be CNCF members so that they have "skin in the game"

 

(Of course the TOC might decide there are other reasons to support early stage projects that don't need neutrality - I'm just reminding the original intent.)

 

On Thu, May 5, 2022 at 4:02 PM alexis richardson <alexis@...> wrote:

Stringent implies work, judgement, and value.  It seems that scaling wall has been hit already..

 

 

On Thu, 5 May 2022, 15:44 Bob Killen, <killen.bob@...> wrote:

I agree on quite a few points :)  Replying in line with some thoughts

 

> We tried SIGs (now TAGs) doing due diligence for projects. The level

> of scrutiny, and the closeness to the guidance material available, was
> different across TAGs. In effect, this meant inconsistent processes
> which is arguably unfair. And in cases of disagreements, TOC is pulled
> in automatically anyway.

 

The TOC is the approval body and should be involved in DD, but I do think delegating portions of it to the TAGs is still a good idea and could play a large role in scaling the process. If there have been issues with varying levels of scrutiny in the past, this could be a mentorship and/or documentation opportunity. Think "ride-alongs" for reviewing DD, calling out what to look for, etc.  I also don't necessarily want to volunteer them, but TAG Contributor Strategy would be an excellent resource to pull in to review areas of governance and community health.

 

> What TAGs could provide is an initial proving ground, though: Projects
> could give a presentation and go through questions and feedback in a
> more limited scope, allowing them to polish their submittal.

 

+1 to involving them early, an initial consult would likely help with firming up applications before applying to Sandbox.

 

> While I know that the current sandbox process is designed to be very
> low barrier, I am still not convinced that this is an obviously
> desirable design goal. It is true that a neutral playing field is good
> and helps some projects grow. It is also true that "CNCF project"
> holds immense marketing value and many efforts are ephemeral, in
> particular if largely driven by perf & marketing.

> Back when sandbox criteria were relaxed, I was of the opinion that
> they should remain more stringent.

 

I have held the same opinion - I thought they should, to a degree, remain more stringent. While Sandbox does not have any formal marketing support from the CNCF, that doesn't mean companies or other groups can't market them as a "CNCF Project." Smaller or independent projects that might not have those sorts of resources will have a harder time climbing the ladder.

 

> I have come to wonder if four
> levels wouldn't be more appropriate: An initial runway on which
> projects can be put; but also pruned more aggressively if they do not
> show growth/adoption/the usual. E.g. once submitted they have three?
> six? twelve? months to show certain progress or are removed outright.

 

I was literally talking with a co-worker about this thought yesterday as a potential idea :)

I don't know if it's the answer, but I do really like the idea of a timebox with explicit criteria for exiting. It should not require a deep dive into the project to determine if they are ready to move up to sandbox. I'd also like to see restrictions on the branding/marketing of "CNCF Project" at this level. A potential alternative might be "Cloud Native Inception Project" or something along those lines.

 

 

> Another would be to rework the process & documentation; e.g.
> Incubation had distinct requirement docs which TAGs copied together
> and deduplicated back during the DD trials.

 

+1 to firming up requirements/docs. While I think there needs to be some room for TOC discretion, I think being more explicit with requirements will help reduce the toil involved with the DD process.

 

 

I have a slew more thoughts, but this subject might be a good discussion during a TOC meeting :)

 

- Bob

 

 

 

On Thu, May 5, 2022 at 7:38 AM Richard Hartmann <richih@...> wrote:

Replying top-level as my thoughts jump across the thread.


I didn't run the numbers, yet I believe that the pace of submissions
has picked up. That alone can increase backlog.

We tried SIGs (now TAGs) doing due diligence for projects. The level
of scrutiny, and the closeness to the guidance material available, was
different across TAGs. In effect, this meant inconsistent processes
which is arguably unfair. And in cases of disagreements, TOC is pulled
in automatically anyway.
A clear delegation from TOC might be possible, yet project advancement
is one of the main tasks of TOC and arguably what votees expect TOC to
do. In any case, it does change any of the underlying desires.

What TAGs could provide is an initial proving ground, though: Projects
could give a presentation and go through questions and feedback in a
more limited scope, allowing them to polish their submittal.


While I know that the current sandbox process is designed to be very
low barrier, I am still not convinced that this is an obviously
desirable design goal. It is true that a neutral playing field is good
and helps some projects grow. It is also true that "CNCF project"
holds immense marketing value and many efforts are ephemeral, in
particular if largely driven by perf & marketing.
Back when sandbox criteria were relaxed, I was of the opinion that
they should remain more stringent. I have come to wonder if four
levels wouldn't be more appropriate: An initial runway on which
projects can be put; but also pruned more aggressively if they do not
show growth/adoption/the usual. E.g. once submitted they have three?
six? twelve? months to show certain progress or are removed outright.
Medium term, this might also allow for a smaller jump towards
Incubating, which is currently significant.


Orthogonally, I believe we can manage expectations better. One
possible approach would be to create dashboards and reports of the
underlying data to help manage expectations and keep ourselves honest.
What are the average and median times a project takes from stage X to
stage Y? How has this changed over time?
Another would be to rework the process & documentation; e.g.
Incubation had distinct requirement docs which TAGs copied together
and deduplicated back during the DD trials.



Having seen things from both sides now, and since CNCF started, I can
understand both the frustrations about some timelines better and also
understand how a few dedicated people are trying to do their best with
the time they have. On all sides.


Best,
Richard




This email may contain confidential information. If it appears this message was sent to you by mistake, please let us know of the error. In this case, we also ask that you do not further forward the content and delete it. Thank you for your cooperation and understanding. Dynatrace Austria GmbH (registration number FN 91482h) is a company registered in Linz whose registered office is at 4020 Linz, Austria, Am Fünfundzwanziger Turm 20.


TAG Security Technical Lead Nominations

Brandon Lum
 

Hi TOC,

The TAG Security Co-chairs would like to nominate Ragashree, Michael Lieberman, and Marina Moore as Technical Leads of TAG Security!

They have been awesome members of the community contributing across many different efforts, we look forward to working with them to further expand the community! Below are their nominations, which is a fraction of all the awesomeness they've done for the community.

Cheers
TAG-Security Co-Chairs

—----------------------------------------------------------------------------------------------------------------------

Nominee: Ragashree 

Github: @ragashreeshekar

Title: Cloud Security Specialist

Professional Affiliation: Nokia


Leadership/participation with TAG-Security:


  • Project Lead: TAG Security Community Manager (#692)

  • Project Lead: Cloud Native Security Lexicon (#735)

  • Project Co-lead Security Con EU 2022 (#811)

  • [Governance] Contributions to communication templates (#670)



Bio:


2021 Nokia Ada Lovelace Honoree, Ragashree M C is a Cloud Security enthusiast with 3+ years industry experience in the domain. She is an active member of several open source security forums such as OWASP, CNCF, CSA etc. She is passionate about all things STEM & security - information science, animal welfare & so on!


—----------------------------------------------------------------------------------------------------------------------


Nominee: Michael Lieberman

Github: @mlieberman85

Title: Supply Chain Security Engineer

Professional Affiliation: Citi


Other community affiliations:

  • Co-Chair, CNCF Financial Services User Group

  • Technical Advisory Committee, SLSA (OpenSSF)


Leadership/participation with TAG-Security:

  • Project Lead: Secure Software Factory Reference Architecture Paper (#679)

  • Contributions to Supply Chain Security Best Practices Paper (#510)

  • Contributions to Security Controls Mapping (#635)


Bio:


Michael Lieberman is an engineer and architect focused on technology transformation especially with regards to cloud native architectures, technologies and migrations. His passion is in applying his expertise to use cases where privacy and security are paramount. Most recently he has been focused on work within the software supply chain security space. He is co-chair of the CNCF Financial Services User Group, SLSA steering committee member, and recently co-lead the Secure Software Factory Reference Architecture for the Security Technical Advisory Group. Michael has also participated in multiple podcasts, panels and talks on behalf of the FSUG, the companies he’s worked for and on behalf of himself as an individual contributor in the tech community.


—----------------------------------------------------------------------------------------------------------------------


Nominee: Marina Moore 

Github: @mnm678

Title: PhD candidate, NYU Tandon’s Secure Systems Lab

Professional Affiliation: NYU, GoDaddy.com


Other community affiliations:

  • Maintainer, The Update Framework

  • Maintainer, Uptane (TUF variant)


Leadership/participation with TAG-Security:

  • Contributions to Supply Chain Security Best Practices Paper (#510)

  • Contributions to Secure Software Factory Reference Architecture Paper (#679)

  • Contributions to Cloud Native Security Whitepaper v2 (#844)



Bio:


Marina Moore is a PhD candidate at NYU Tandon’s Secure Systems Lab focusing on secure software updates and software supply chain security. She is a maintainer of The Update Framework (TUF), a CNCF graduated project, as well as Uptane, the automotive variant of TUF. She contributed to the updated TAG Security Whitepaper and has been actively involved in the supply chain security group, including contributing to the Software Supply Chain Security Best Practices paper. She has presented at the CNCF Security Day at both KubeCon NA and Europe.


—----------------------------------------------------------------------------------------------------------------------



Re: Sandbox process needs to evolve to support cross industry collaboation

Liz Rice
 

There is a different sandbox logo, and projects are required to explicitly say they are sandbox whenever they mention that they are CNCF projects. The staff are pretty good at chasing up if folks report there are projects not complying with that

On Thu, 5 May 2022 at 19:10, alexis richardson <alexis@...> wrote:
We need VCs to sit on their hands until Incubation


On Thu, 5 May 2022 at 19:01, Brendan Burns <bburns@...> wrote:
Just for a historic perspective. When we did this discussion the last time, we identified that there are fundamentally two divergent goals that we have to balance:

Projects Goal #1) Bring multiple, potentially competing parties together in a neutral space so they can collaborate and innovate in open source without worrying about ownership. This goal means that the bar for Sandbox should be as low as possible to facilitate as much collaboration and innovation as possible.

Projects Goal #2) Get the CNCF 'label' for their project from a marketing perspective to spur interest, growth and (potentially) venture capital. This goal means that the bar for Sandbox should be rigorous so that we don't dilute CNCF brand/resources for random projects.

No matter how many lowest levels you add (4 instead of 3, 5 instead of 4, etc) none of this will go away. At the lowest level you always have to balance these two different, divergent goals.

Where we landed was that to try to make the Sandbox bar pretty low, but also try to make (and enforce) the usage of the CNCF logo/imprimatur for Sandbox projects.

At the time, we suggested crafting a separate 'sandbox' logo that looked like it was drawn with crayons (and perhaps even had toddlers in a sandbox) so that people really understood that there was no CNCF endorsement implied by being in Sandbox.

Afaik, this never happened, but I think the important lesson is that adding additional levels will not solve the problem, it just moves it.

And also, the problem is fundamentally unsolveable. All you can hope for is achieving some sort of balance (and adjusting from time to time based on experience to retain this balance)

--brendan



From: cncf-toc@... <cncf-toc@...> on behalf of alexis richardson via lists.cncf.io <alexis=weave.works@...>
Sent: Thursday, May 5, 2022 9:26 AM
To: Liz Rice <liz@...>
Cc: Alexis Richardson via cncf-toc <cncf-toc@...>; Bob Killen <killen.bob@...>; Richard Hartmann <richih@...>
Subject: [EXTERNAL] Re: [cncf-toc] Sandbox process needs to evolve to support cross industry collaboation
 
Remember, the point of cncf is not to create ways for committees to sit in judgment over projects.  It is to make great projects that enable end user success.  That is all.


On Thu, 5 May 2022, 17:19 Liz Rice, <liz@...> wrote:
Four levels would increase the total work required to assess a project through their life cycle. There might be good reasons to do it, but I don't see that it would solve the initial problem raised on this thread: speeding up the response to the first application at the earliest stage. 

The original point of Sandbox was to enable a neutral place for experimentation, for projects that wouldn't meet incubation criteria. A project only needs neutrality if and when there's more than one organisation keen to get involved; that's why I'm suggesting that could be the criteria for Sandbox inclusion. I'm further suggesting those organizations should be CNCF members so that they have "skin in the game"

(Of course the TOC might decide there are other reasons to support early stage projects that don't need neutrality - I'm just reminding the original intent.)

On Thu, May 5, 2022 at 4:02 PM alexis richardson <alexis@...> wrote:
Stringent implies work, judgement, and value.  It seems that scaling wall has been hit already..


On Thu, 5 May 2022, 15:44 Bob Killen, <killen.bob@...> wrote:
I agree on quite a few points :)  Replying in line with some thoughts

> We tried SIGs (now TAGs) doing due diligence for projects. The level
> of scrutiny, and the closeness to the guidance material available, was
> different across TAGs. In effect, this meant inconsistent processes
> which is arguably unfair. And in cases of disagreements, TOC is pulled
> in automatically anyway.

The TOC is the approval body and should be involved in DD, but I do think delegating portions of it to the TAGs is still a good idea and could play a large role in scaling the process. If there have been issues with varying levels of scrutiny in the past, this could be a mentorship and/or documentation opportunity. Think "ride-alongs" for reviewing DD, calling out what to look for, etc.  I also don't necessarily want to volunteer them, but TAG Contributor Strategy would be an excellent resource to pull in to review areas of governance and community health.

> What TAGs could provide is an initial proving ground, though: Projects
> could give a presentation and go through questions and feedback in a
> more limited scope, allowing them to polish their submittal.

+1 to involving them early, an initial consult would likely help with firming up applications before applying to Sandbox.

> While I know that the current sandbox process is designed to be very
> low barrier, I am still not convinced that this is an obviously
> desirable design goal. It is true that a neutral playing field is good
> and helps some projects grow. It is also true that "CNCF project"
> holds immense marketing value and many efforts are ephemeral, in
> particular if largely driven by perf & marketing.
> Back when sandbox criteria were relaxed, I was of the opinion that
> they should remain more stringent.

I have held the same opinion - I thought they should, to a degree, remain more stringent. While Sandbox does not have any formal marketing support from the CNCF, that doesn't mean companies or other groups can't market them as a "CNCF Project." Smaller or independent projects that might not have those sorts of resources will have a harder time climbing the ladder.

> I have come to wonder if four
> levels wouldn't be more appropriate: An initial runway on which
> projects can be put; but also pruned more aggressively if they do not
> show growth/adoption/the usual. E.g. once submitted they have three?
> six? twelve? months to show certain progress or are removed outright.

I was literally talking with a co-worker about this thought yesterday as a potential idea :)
I don't know if it's the answer, but I do really like the idea of a timebox with explicit criteria for exiting. It should not require a deep dive into the project to determine if they are ready to move up to sandbox. I'd also like to see restrictions on the branding/marketing of "CNCF Project" at this level. A potential alternative might be "Cloud Native Inception Project" or something along those lines.


> Another would be to rework the process & documentation; e.g.
> Incubation had distinct requirement docs which TAGs copied together
> and deduplicated back during the DD trials.

+1 to firming up requirements/docs. While I think there needs to be some room for TOC discretion, I think being more explicit with requirements will help reduce the toil involved with the DD process.


I have a slew more thoughts, but this subject might be a good discussion during a TOC meeting :)

- Bob



On Thu, May 5, 2022 at 7:38 AM Richard Hartmann <richih@...> wrote:
Replying top-level as my thoughts jump across the thread.


I didn't run the numbers, yet I believe that the pace of submissions
has picked up. That alone can increase backlog.

We tried SIGs (now TAGs) doing due diligence for projects. The level
of scrutiny, and the closeness to the guidance material available, was
different across TAGs. In effect, this meant inconsistent processes
which is arguably unfair. And in cases of disagreements, TOC is pulled
in automatically anyway.
A clear delegation from TOC might be possible, yet project advancement
is one of the main tasks of TOC and arguably what votees expect TOC to
do. In any case, it does change any of the underlying desires.

What TAGs could provide is an initial proving ground, though: Projects
could give a presentation and go through questions and feedback in a
more limited scope, allowing them to polish their submittal.


While I know that the current sandbox process is designed to be very
low barrier, I am still not convinced that this is an obviously
desirable design goal. It is true that a neutral playing field is good
and helps some projects grow. It is also true that "CNCF project"
holds immense marketing value and many efforts are ephemeral, in
particular if largely driven by perf & marketing.
Back when sandbox criteria were relaxed, I was of the opinion that
they should remain more stringent. I have come to wonder if four
levels wouldn't be more appropriate: An initial runway on which
projects can be put; but also pruned more aggressively if they do not
show growth/adoption/the usual. E.g. once submitted they have three?
six? twelve? months to show certain progress or are removed outright.
Medium term, this might also allow for a smaller jump towards
Incubating, which is currently significant.


Orthogonally, I believe we can manage expectations better. One
possible approach would be to create dashboards and reports of the
underlying data to help manage expectations and keep ourselves honest.
What are the average and median times a project takes from stage X to
stage Y? How has this changed over time?
Another would be to rework the process & documentation; e.g.
Incubation had distinct requirement docs which TAGs copied together
and deduplicated back during the DD trials.



Having seen things from both sides now, and since CNCF started, I can
understand both the frustrations about some timelines better and also
understand how a few dedicated people are trying to do their best with
the time they have. On all sides.


Best,
Richard






Re: Sandbox process needs to evolve to support cross industry collaboation

alexis richardson
 

We need VCs to sit on their hands until Incubation


On Thu, 5 May 2022 at 19:01, Brendan Burns <bburns@...> wrote:
Just for a historic perspective. When we did this discussion the last time, we identified that there are fundamentally two divergent goals that we have to balance:

Projects Goal #1) Bring multiple, potentially competing parties together in a neutral space so they can collaborate and innovate in open source without worrying about ownership. This goal means that the bar for Sandbox should be as low as possible to facilitate as much collaboration and innovation as possible.

Projects Goal #2) Get the CNCF 'label' for their project from a marketing perspective to spur interest, growth and (potentially) venture capital. This goal means that the bar for Sandbox should be rigorous so that we don't dilute CNCF brand/resources for random projects.

No matter how many lowest levels you add (4 instead of 3, 5 instead of 4, etc) none of this will go away. At the lowest level you always have to balance these two different, divergent goals.

Where we landed was that to try to make the Sandbox bar pretty low, but also try to make (and enforce) the usage of the CNCF logo/imprimatur for Sandbox projects.

At the time, we suggested crafting a separate 'sandbox' logo that looked like it was drawn with crayons (and perhaps even had toddlers in a sandbox) so that people really understood that there was no CNCF endorsement implied by being in Sandbox.

Afaik, this never happened, but I think the important lesson is that adding additional levels will not solve the problem, it just moves it.

And also, the problem is fundamentally unsolveable. All you can hope for is achieving some sort of balance (and adjusting from time to time based on experience to retain this balance)

--brendan



From: cncf-toc@... <cncf-toc@...> on behalf of alexis richardson via lists.cncf.io <alexis=weave.works@...>
Sent: Thursday, May 5, 2022 9:26 AM
To: Liz Rice <liz@...>
Cc: Alexis Richardson via cncf-toc <cncf-toc@...>; Bob Killen <killen.bob@...>; Richard Hartmann <richih@...>
Subject: [EXTERNAL] Re: [cncf-toc] Sandbox process needs to evolve to support cross industry collaboation
 
Remember, the point of cncf is not to create ways for committees to sit in judgment over projects.  It is to make great projects that enable end user success.  That is all.


On Thu, 5 May 2022, 17:19 Liz Rice, <liz@...> wrote:
Four levels would increase the total work required to assess a project through their life cycle. There might be good reasons to do it, but I don't see that it would solve the initial problem raised on this thread: speeding up the response to the first application at the earliest stage. 

The original point of Sandbox was to enable a neutral place for experimentation, for projects that wouldn't meet incubation criteria. A project only needs neutrality if and when there's more than one organisation keen to get involved; that's why I'm suggesting that could be the criteria for Sandbox inclusion. I'm further suggesting those organizations should be CNCF members so that they have "skin in the game"

(Of course the TOC might decide there are other reasons to support early stage projects that don't need neutrality - I'm just reminding the original intent.)

On Thu, May 5, 2022 at 4:02 PM alexis richardson <alexis@...> wrote:
Stringent implies work, judgement, and value.  It seems that scaling wall has been hit already..


On Thu, 5 May 2022, 15:44 Bob Killen, <killen.bob@...> wrote:
I agree on quite a few points :)  Replying in line with some thoughts

> We tried SIGs (now TAGs) doing due diligence for projects. The level
> of scrutiny, and the closeness to the guidance material available, was
> different across TAGs. In effect, this meant inconsistent processes
> which is arguably unfair. And in cases of disagreements, TOC is pulled
> in automatically anyway.

The TOC is the approval body and should be involved in DD, but I do think delegating portions of it to the TAGs is still a good idea and could play a large role in scaling the process. If there have been issues with varying levels of scrutiny in the past, this could be a mentorship and/or documentation opportunity. Think "ride-alongs" for reviewing DD, calling out what to look for, etc.  I also don't necessarily want to volunteer them, but TAG Contributor Strategy would be an excellent resource to pull in to review areas of governance and community health.

> What TAGs could provide is an initial proving ground, though: Projects
> could give a presentation and go through questions and feedback in a
> more limited scope, allowing them to polish their submittal.

+1 to involving them early, an initial consult would likely help with firming up applications before applying to Sandbox.

> While I know that the current sandbox process is designed to be very
> low barrier, I am still not convinced that this is an obviously
> desirable design goal. It is true that a neutral playing field is good
> and helps some projects grow. It is also true that "CNCF project"
> holds immense marketing value and many efforts are ephemeral, in
> particular if largely driven by perf & marketing.
> Back when sandbox criteria were relaxed, I was of the opinion that
> they should remain more stringent.

I have held the same opinion - I thought they should, to a degree, remain more stringent. While Sandbox does not have any formal marketing support from the CNCF, that doesn't mean companies or other groups can't market them as a "CNCF Project." Smaller or independent projects that might not have those sorts of resources will have a harder time climbing the ladder.

> I have come to wonder if four
> levels wouldn't be more appropriate: An initial runway on which
> projects can be put; but also pruned more aggressively if they do not
> show growth/adoption/the usual. E.g. once submitted they have three?
> six? twelve? months to show certain progress or are removed outright.

I was literally talking with a co-worker about this thought yesterday as a potential idea :)
I don't know if it's the answer, but I do really like the idea of a timebox with explicit criteria for exiting. It should not require a deep dive into the project to determine if they are ready to move up to sandbox. I'd also like to see restrictions on the branding/marketing of "CNCF Project" at this level. A potential alternative might be "Cloud Native Inception Project" or something along those lines.


> Another would be to rework the process & documentation; e.g.
> Incubation had distinct requirement docs which TAGs copied together
> and deduplicated back during the DD trials.

+1 to firming up requirements/docs. While I think there needs to be some room for TOC discretion, I think being more explicit with requirements will help reduce the toil involved with the DD process.


I have a slew more thoughts, but this subject might be a good discussion during a TOC meeting :)

- Bob



On Thu, May 5, 2022 at 7:38 AM Richard Hartmann <richih@...> wrote:
Replying top-level as my thoughts jump across the thread.


I didn't run the numbers, yet I believe that the pace of submissions
has picked up. That alone can increase backlog.

We tried SIGs (now TAGs) doing due diligence for projects. The level
of scrutiny, and the closeness to the guidance material available, was
different across TAGs. In effect, this meant inconsistent processes
which is arguably unfair. And in cases of disagreements, TOC is pulled
in automatically anyway.
A clear delegation from TOC might be possible, yet project advancement
is one of the main tasks of TOC and arguably what votees expect TOC to
do. In any case, it does change any of the underlying desires.

What TAGs could provide is an initial proving ground, though: Projects
could give a presentation and go through questions and feedback in a
more limited scope, allowing them to polish their submittal.


While I know that the current sandbox process is designed to be very
low barrier, I am still not convinced that this is an obviously
desirable design goal. It is true that a neutral playing field is good
and helps some projects grow. It is also true that "CNCF project"
holds immense marketing value and many efforts are ephemeral, in
particular if largely driven by perf & marketing.
Back when sandbox criteria were relaxed, I was of the opinion that
they should remain more stringent. I have come to wonder if four
levels wouldn't be more appropriate: An initial runway on which
projects can be put; but also pruned more aggressively if they do not
show growth/adoption/the usual. E.g. once submitted they have three?
six? twelve? months to show certain progress or are removed outright.
Medium term, this might also allow for a smaller jump towards
Incubating, which is currently significant.


Orthogonally, I believe we can manage expectations better. One
possible approach would be to create dashboards and reports of the
underlying data to help manage expectations and keep ourselves honest.
What are the average and median times a project takes from stage X to
stage Y? How has this changed over time?
Another would be to rework the process & documentation; e.g.
Incubation had distinct requirement docs which TAGs copied together
and deduplicated back during the DD trials.



Having seen things from both sides now, and since CNCF started, I can
understand both the frustrations about some timelines better and also
understand how a few dedicated people are trying to do their best with
the time they have. On all sides.


Best,
Richard






Re: Sandbox process needs to evolve to support cross industry collaboation

Brendan Burns
 

Just for a historic perspective. When we did this discussion the last time, we identified that there are fundamentally two divergent goals that we have to balance:

Projects Goal #1) Bring multiple, potentially competing parties together in a neutral space so they can collaborate and innovate in open source without worrying about ownership. This goal means that the bar for Sandbox should be as low as possible to facilitate as much collaboration and innovation as possible.

Projects Goal #2) Get the CNCF 'label' for their project from a marketing perspective to spur interest, growth and (potentially) venture capital. This goal means that the bar for Sandbox should be rigorous so that we don't dilute CNCF brand/resources for random projects.

No matter how many lowest levels you add (4 instead of 3, 5 instead of 4, etc) none of this will go away. At the lowest level you always have to balance these two different, divergent goals.

Where we landed was that to try to make the Sandbox bar pretty low, but also try to make (and enforce) the usage of the CNCF logo/imprimatur for Sandbox projects.

At the time, we suggested crafting a separate 'sandbox' logo that looked like it was drawn with crayons (and perhaps even had toddlers in a sandbox) so that people really understood that there was no CNCF endorsement implied by being in Sandbox.

Afaik, this never happened, but I think the important lesson is that adding additional levels will not solve the problem, it just moves it.

And also, the problem is fundamentally unsolveable. All you can hope for is achieving some sort of balance (and adjusting from time to time based on experience to retain this balance)

--brendan



From: cncf-toc@... <cncf-toc@...> on behalf of alexis richardson via lists.cncf.io <alexis=weave.works@...>
Sent: Thursday, May 5, 2022 9:26 AM
To: Liz Rice <liz@...>
Cc: Alexis Richardson via cncf-toc <cncf-toc@...>; Bob Killen <killen.bob@...>; Richard Hartmann <richih@...>
Subject: [EXTERNAL] Re: [cncf-toc] Sandbox process needs to evolve to support cross industry collaboation
 
Remember, the point of cncf is not to create ways for committees to sit in judgment over projects.  It is to make great projects that enable end user success.  That is all.


On Thu, 5 May 2022, 17:19 Liz Rice, <liz@...> wrote:
Four levels would increase the total work required to assess a project through their life cycle. There might be good reasons to do it, but I don't see that it would solve the initial problem raised on this thread: speeding up the response to the first application at the earliest stage. 

The original point of Sandbox was to enable a neutral place for experimentation, for projects that wouldn't meet incubation criteria. A project only needs neutrality if and when there's more than one organisation keen to get involved; that's why I'm suggesting that could be the criteria for Sandbox inclusion. I'm further suggesting those organizations should be CNCF members so that they have "skin in the game"

(Of course the TOC might decide there are other reasons to support early stage projects that don't need neutrality - I'm just reminding the original intent.)

On Thu, May 5, 2022 at 4:02 PM alexis richardson <alexis@...> wrote:
Stringent implies work, judgement, and value.  It seems that scaling wall has been hit already..


On Thu, 5 May 2022, 15:44 Bob Killen, <killen.bob@...> wrote:
I agree on quite a few points :)  Replying in line with some thoughts

> We tried SIGs (now TAGs) doing due diligence for projects. The level
> of scrutiny, and the closeness to the guidance material available, was
> different across TAGs. In effect, this meant inconsistent processes
> which is arguably unfair. And in cases of disagreements, TOC is pulled
> in automatically anyway.

The TOC is the approval body and should be involved in DD, but I do think delegating portions of it to the TAGs is still a good idea and could play a large role in scaling the process. If there have been issues with varying levels of scrutiny in the past, this could be a mentorship and/or documentation opportunity. Think "ride-alongs" for reviewing DD, calling out what to look for, etc.  I also don't necessarily want to volunteer them, but TAG Contributor Strategy would be an excellent resource to pull in to review areas of governance and community health.

> What TAGs could provide is an initial proving ground, though: Projects
> could give a presentation and go through questions and feedback in a
> more limited scope, allowing them to polish their submittal.

+1 to involving them early, an initial consult would likely help with firming up applications before applying to Sandbox.

> While I know that the current sandbox process is designed to be very
> low barrier, I am still not convinced that this is an obviously
> desirable design goal. It is true that a neutral playing field is good
> and helps some projects grow. It is also true that "CNCF project"
> holds immense marketing value and many efforts are ephemeral, in
> particular if largely driven by perf & marketing.
> Back when sandbox criteria were relaxed, I was of the opinion that
> they should remain more stringent.

I have held the same opinion - I thought they should, to a degree, remain more stringent. While Sandbox does not have any formal marketing support from the CNCF, that doesn't mean companies or other groups can't market them as a "CNCF Project." Smaller or independent projects that might not have those sorts of resources will have a harder time climbing the ladder.

> I have come to wonder if four
> levels wouldn't be more appropriate: An initial runway on which
> projects can be put; but also pruned more aggressively if they do not
> show growth/adoption/the usual. E.g. once submitted they have three?
> six? twelve? months to show certain progress or are removed outright.

I was literally talking with a co-worker about this thought yesterday as a potential idea :)
I don't know if it's the answer, but I do really like the idea of a timebox with explicit criteria for exiting. It should not require a deep dive into the project to determine if they are ready to move up to sandbox. I'd also like to see restrictions on the branding/marketing of "CNCF Project" at this level. A potential alternative might be "Cloud Native Inception Project" or something along those lines.


> Another would be to rework the process & documentation; e.g.
> Incubation had distinct requirement docs which TAGs copied together
> and deduplicated back during the DD trials.

+1 to firming up requirements/docs. While I think there needs to be some room for TOC discretion, I think being more explicit with requirements will help reduce the toil involved with the DD process.


I have a slew more thoughts, but this subject might be a good discussion during a TOC meeting :)

- Bob



On Thu, May 5, 2022 at 7:38 AM Richard Hartmann <richih@...> wrote:
Replying top-level as my thoughts jump across the thread.


I didn't run the numbers, yet I believe that the pace of submissions
has picked up. That alone can increase backlog.

We tried SIGs (now TAGs) doing due diligence for projects. The level
of scrutiny, and the closeness to the guidance material available, was
different across TAGs. In effect, this meant inconsistent processes
which is arguably unfair. And in cases of disagreements, TOC is pulled
in automatically anyway.
A clear delegation from TOC might be possible, yet project advancement
is one of the main tasks of TOC and arguably what votees expect TOC to
do. In any case, it does change any of the underlying desires.

What TAGs could provide is an initial proving ground, though: Projects
could give a presentation and go through questions and feedback in a
more limited scope, allowing them to polish their submittal.


While I know that the current sandbox process is designed to be very
low barrier, I am still not convinced that this is an obviously
desirable design goal. It is true that a neutral playing field is good
and helps some projects grow. It is also true that "CNCF project"
holds immense marketing value and many efforts are ephemeral, in
particular if largely driven by perf & marketing.
Back when sandbox criteria were relaxed, I was of the opinion that
they should remain more stringent. I have come to wonder if four
levels wouldn't be more appropriate: An initial runway on which
projects can be put; but also pruned more aggressively if they do not
show growth/adoption/the usual. E.g. once submitted they have three?
six? twelve? months to show certain progress or are removed outright.
Medium term, this might also allow for a smaller jump towards
Incubating, which is currently significant.


Orthogonally, I believe we can manage expectations better. One
possible approach would be to create dashboards and reports of the
underlying data to help manage expectations and keep ourselves honest.
What are the average and median times a project takes from stage X to
stage Y? How has this changed over time?
Another would be to rework the process & documentation; e.g.
Incubation had distinct requirement docs which TAGs copied together
and deduplicated back during the DD trials.



Having seen things from both sides now, and since CNCF started, I can
understand both the frustrations about some timelines better and also
understand how a few dedicated people are trying to do their best with
the time they have. On all sides.


Best,
Richard






2022 Service Mesh Interface Annual Review Submission

Keith Mattix <keithmattix2@...>
 

Hello there!

I’d like to report that a PR for the SMI sandbox project’s annual review has been submitted: https://github.com/cncf/toc/pull/833. Please review at your earliest convenience. 

Thanks,
Keith Mattix


Re: Sandbox process needs to evolve to support cross industry collaboation

alexis richardson
 

Remember, the point of cncf is not to create ways for committees to sit in judgment over projects.  It is to make great projects that enable end user success.  That is all.


On Thu, 5 May 2022, 17:19 Liz Rice, <liz@...> wrote:
Four levels would increase the total work required to assess a project through their life cycle. There might be good reasons to do it, but I don't see that it would solve the initial problem raised on this thread: speeding up the response to the first application at the earliest stage. 

The original point of Sandbox was to enable a neutral place for experimentation, for projects that wouldn't meet incubation criteria. A project only needs neutrality if and when there's more than one organisation keen to get involved; that's why I'm suggesting that could be the criteria for Sandbox inclusion. I'm further suggesting those organizations should be CNCF members so that they have "skin in the game"

(Of course the TOC might decide there are other reasons to support early stage projects that don't need neutrality - I'm just reminding the original intent.)

On Thu, May 5, 2022 at 4:02 PM alexis richardson <alexis@...> wrote:
Stringent implies work, judgement, and value.  It seems that scaling wall has been hit already..


On Thu, 5 May 2022, 15:44 Bob Killen, <killen.bob@...> wrote:
I agree on quite a few points :)  Replying in line with some thoughts

> We tried SIGs (now TAGs) doing due diligence for projects. The level
> of scrutiny, and the closeness to the guidance material available, was
> different across TAGs. In effect, this meant inconsistent processes
> which is arguably unfair. And in cases of disagreements, TOC is pulled
> in automatically anyway.

The TOC is the approval body and should be involved in DD, but I do think delegating portions of it to the TAGs is still a good idea and could play a large role in scaling the process. If there have been issues with varying levels of scrutiny in the past, this could be a mentorship and/or documentation opportunity. Think "ride-alongs" for reviewing DD, calling out what to look for, etc.  I also don't necessarily want to volunteer them, but TAG Contributor Strategy would be an excellent resource to pull in to review areas of governance and community health.

> What TAGs could provide is an initial proving ground, though: Projects
> could give a presentation and go through questions and feedback in a
> more limited scope, allowing them to polish their submittal.

+1 to involving them early, an initial consult would likely help with firming up applications before applying to Sandbox.

> While I know that the current sandbox process is designed to be very
> low barrier, I am still not convinced that this is an obviously
> desirable design goal. It is true that a neutral playing field is good
> and helps some projects grow. It is also true that "CNCF project"
> holds immense marketing value and many efforts are ephemeral, in
> particular if largely driven by perf & marketing.
> Back when sandbox criteria were relaxed, I was of the opinion that
> they should remain more stringent.

I have held the same opinion - I thought they should, to a degree, remain more stringent. While Sandbox does not have any formal marketing support from the CNCF, that doesn't mean companies or other groups can't market them as a "CNCF Project." Smaller or independent projects that might not have those sorts of resources will have a harder time climbing the ladder.

> I have come to wonder if four
> levels wouldn't be more appropriate: An initial runway on which
> projects can be put; but also pruned more aggressively if they do not
> show growth/adoption/the usual. E.g. once submitted they have three?
> six? twelve? months to show certain progress or are removed outright.

I was literally talking with a co-worker about this thought yesterday as a potential idea :)
I don't know if it's the answer, but I do really like the idea of a timebox with explicit criteria for exiting. It should not require a deep dive into the project to determine if they are ready to move up to sandbox. I'd also like to see restrictions on the branding/marketing of "CNCF Project" at this level. A potential alternative might be "Cloud Native Inception Project" or something along those lines.


> Another would be to rework the process & documentation; e.g.
> Incubation had distinct requirement docs which TAGs copied together
> and deduplicated back during the DD trials.

+1 to firming up requirements/docs. While I think there needs to be some room for TOC discretion, I think being more explicit with requirements will help reduce the toil involved with the DD process.


I have a slew more thoughts, but this subject might be a good discussion during a TOC meeting :)

- Bob



On Thu, May 5, 2022 at 7:38 AM Richard Hartmann <richih@...> wrote:
Replying top-level as my thoughts jump across the thread.


I didn't run the numbers, yet I believe that the pace of submissions
has picked up. That alone can increase backlog.

We tried SIGs (now TAGs) doing due diligence for projects. The level
of scrutiny, and the closeness to the guidance material available, was
different across TAGs. In effect, this meant inconsistent processes
which is arguably unfair. And in cases of disagreements, TOC is pulled
in automatically anyway.
A clear delegation from TOC might be possible, yet project advancement
is one of the main tasks of TOC and arguably what votees expect TOC to
do. In any case, it does change any of the underlying desires.

What TAGs could provide is an initial proving ground, though: Projects
could give a presentation and go through questions and feedback in a
more limited scope, allowing them to polish their submittal.


While I know that the current sandbox process is designed to be very
low barrier, I am still not convinced that this is an obviously
desirable design goal. It is true that a neutral playing field is good
and helps some projects grow. It is also true that "CNCF project"
holds immense marketing value and many efforts are ephemeral, in
particular if largely driven by perf & marketing.
Back when sandbox criteria were relaxed, I was of the opinion that
they should remain more stringent. I have come to wonder if four
levels wouldn't be more appropriate: An initial runway on which
projects can be put; but also pruned more aggressively if they do not
show growth/adoption/the usual. E.g. once submitted they have three?
six? twelve? months to show certain progress or are removed outright.
Medium term, this might also allow for a smaller jump towards
Incubating, which is currently significant.


Orthogonally, I believe we can manage expectations better. One
possible approach would be to create dashboards and reports of the
underlying data to help manage expectations and keep ourselves honest.
What are the average and median times a project takes from stage X to
stage Y? How has this changed over time?
Another would be to rework the process & documentation; e.g.
Incubation had distinct requirement docs which TAGs copied together
and deduplicated back during the DD trials.



Having seen things from both sides now, and since CNCF started, I can
understand both the frustrations about some timelines better and also
understand how a few dedicated people are trying to do their best with
the time they have. On all sides.


Best,
Richard






Re: Sandbox process needs to evolve to support cross industry collaboation

Liz Rice
 

Four levels would increase the total work required to assess a project through their life cycle. There might be good reasons to do it, but I don't see that it would solve the initial problem raised on this thread: speeding up the response to the first application at the earliest stage. 

The original point of Sandbox was to enable a neutral place for experimentation, for projects that wouldn't meet incubation criteria. A project only needs neutrality if and when there's more than one organisation keen to get involved; that's why I'm suggesting that could be the criteria for Sandbox inclusion. I'm further suggesting those organizations should be CNCF members so that they have "skin in the game"

(Of course the TOC might decide there are other reasons to support early stage projects that don't need neutrality - I'm just reminding the original intent.)

On Thu, May 5, 2022 at 4:02 PM alexis richardson <alexis@...> wrote:
Stringent implies work, judgement, and value.  It seems that scaling wall has been hit already..


On Thu, 5 May 2022, 15:44 Bob Killen, <killen.bob@...> wrote:
I agree on quite a few points :)  Replying in line with some thoughts

> We tried SIGs (now TAGs) doing due diligence for projects. The level
> of scrutiny, and the closeness to the guidance material available, was
> different across TAGs. In effect, this meant inconsistent processes
> which is arguably unfair. And in cases of disagreements, TOC is pulled
> in automatically anyway.

The TOC is the approval body and should be involved in DD, but I do think delegating portions of it to the TAGs is still a good idea and could play a large role in scaling the process. If there have been issues with varying levels of scrutiny in the past, this could be a mentorship and/or documentation opportunity. Think "ride-alongs" for reviewing DD, calling out what to look for, etc.  I also don't necessarily want to volunteer them, but TAG Contributor Strategy would be an excellent resource to pull in to review areas of governance and community health.

> What TAGs could provide is an initial proving ground, though: Projects
> could give a presentation and go through questions and feedback in a
> more limited scope, allowing them to polish their submittal.

+1 to involving them early, an initial consult would likely help with firming up applications before applying to Sandbox.

> While I know that the current sandbox process is designed to be very
> low barrier, I am still not convinced that this is an obviously
> desirable design goal. It is true that a neutral playing field is good
> and helps some projects grow. It is also true that "CNCF project"
> holds immense marketing value and many efforts are ephemeral, in
> particular if largely driven by perf & marketing.
> Back when sandbox criteria were relaxed, I was of the opinion that
> they should remain more stringent.

I have held the same opinion - I thought they should, to a degree, remain more stringent. While Sandbox does not have any formal marketing support from the CNCF, that doesn't mean companies or other groups can't market them as a "CNCF Project." Smaller or independent projects that might not have those sorts of resources will have a harder time climbing the ladder.

> I have come to wonder if four
> levels wouldn't be more appropriate: An initial runway on which
> projects can be put; but also pruned more aggressively if they do not
> show growth/adoption/the usual. E.g. once submitted they have three?
> six? twelve? months to show certain progress or are removed outright.

I was literally talking with a co-worker about this thought yesterday as a potential idea :)
I don't know if it's the answer, but I do really like the idea of a timebox with explicit criteria for exiting. It should not require a deep dive into the project to determine if they are ready to move up to sandbox. I'd also like to see restrictions on the branding/marketing of "CNCF Project" at this level. A potential alternative might be "Cloud Native Inception Project" or something along those lines.


> Another would be to rework the process & documentation; e.g.
> Incubation had distinct requirement docs which TAGs copied together
> and deduplicated back during the DD trials.

+1 to firming up requirements/docs. While I think there needs to be some room for TOC discretion, I think being more explicit with requirements will help reduce the toil involved with the DD process.


I have a slew more thoughts, but this subject might be a good discussion during a TOC meeting :)

- Bob



On Thu, May 5, 2022 at 7:38 AM Richard Hartmann <richih@...> wrote:
Replying top-level as my thoughts jump across the thread.


I didn't run the numbers, yet I believe that the pace of submissions
has picked up. That alone can increase backlog.

We tried SIGs (now TAGs) doing due diligence for projects. The level
of scrutiny, and the closeness to the guidance material available, was
different across TAGs. In effect, this meant inconsistent processes
which is arguably unfair. And in cases of disagreements, TOC is pulled
in automatically anyway.
A clear delegation from TOC might be possible, yet project advancement
is one of the main tasks of TOC and arguably what votees expect TOC to
do. In any case, it does change any of the underlying desires.

What TAGs could provide is an initial proving ground, though: Projects
could give a presentation and go through questions and feedback in a
more limited scope, allowing them to polish their submittal.


While I know that the current sandbox process is designed to be very
low barrier, I am still not convinced that this is an obviously
desirable design goal. It is true that a neutral playing field is good
and helps some projects grow. It is also true that "CNCF project"
holds immense marketing value and many efforts are ephemeral, in
particular if largely driven by perf & marketing.
Back when sandbox criteria were relaxed, I was of the opinion that
they should remain more stringent. I have come to wonder if four
levels wouldn't be more appropriate: An initial runway on which
projects can be put; but also pruned more aggressively if they do not
show growth/adoption/the usual. E.g. once submitted they have three?
six? twelve? months to show certain progress or are removed outright.
Medium term, this might also allow for a smaller jump towards
Incubating, which is currently significant.


Orthogonally, I believe we can manage expectations better. One
possible approach would be to create dashboards and reports of the
underlying data to help manage expectations and keep ourselves honest.
What are the average and median times a project takes from stage X to
stage Y? How has this changed over time?
Another would be to rework the process & documentation; e.g.
Incubation had distinct requirement docs which TAGs copied together
and deduplicated back during the DD trials.



Having seen things from both sides now, and since CNCF started, I can
understand both the frustrations about some timelines better and also
understand how a few dedicated people are trying to do their best with
the time they have. On all sides.


Best,
Richard






Re: Sandbox process needs to evolve to support cross industry collaboation

alexis richardson
 

Stringent implies work, judgement, and value.  It seems that scaling wall has been hit already..


On Thu, 5 May 2022, 15:44 Bob Killen, <killen.bob@...> wrote:
I agree on quite a few points :)  Replying in line with some thoughts

> We tried SIGs (now TAGs) doing due diligence for projects. The level
> of scrutiny, and the closeness to the guidance material available, was
> different across TAGs. In effect, this meant inconsistent processes
> which is arguably unfair. And in cases of disagreements, TOC is pulled
> in automatically anyway.

The TOC is the approval body and should be involved in DD, but I do think delegating portions of it to the TAGs is still a good idea and could play a large role in scaling the process. If there have been issues with varying levels of scrutiny in the past, this could be a mentorship and/or documentation opportunity. Think "ride-alongs" for reviewing DD, calling out what to look for, etc.  I also don't necessarily want to volunteer them, but TAG Contributor Strategy would be an excellent resource to pull in to review areas of governance and community health.

> What TAGs could provide is an initial proving ground, though: Projects
> could give a presentation and go through questions and feedback in a
> more limited scope, allowing them to polish their submittal.

+1 to involving them early, an initial consult would likely help with firming up applications before applying to Sandbox.

> While I know that the current sandbox process is designed to be very
> low barrier, I am still not convinced that this is an obviously
> desirable design goal. It is true that a neutral playing field is good
> and helps some projects grow. It is also true that "CNCF project"
> holds immense marketing value and many efforts are ephemeral, in
> particular if largely driven by perf & marketing.
> Back when sandbox criteria were relaxed, I was of the opinion that
> they should remain more stringent.

I have held the same opinion - I thought they should, to a degree, remain more stringent. While Sandbox does not have any formal marketing support from the CNCF, that doesn't mean companies or other groups can't market them as a "CNCF Project." Smaller or independent projects that might not have those sorts of resources will have a harder time climbing the ladder.

> I have come to wonder if four
> levels wouldn't be more appropriate: An initial runway on which
> projects can be put; but also pruned more aggressively if they do not
> show growth/adoption/the usual. E.g. once submitted they have three?
> six? twelve? months to show certain progress or are removed outright.

I was literally talking with a co-worker about this thought yesterday as a potential idea :)
I don't know if it's the answer, but I do really like the idea of a timebox with explicit criteria for exiting. It should not require a deep dive into the project to determine if they are ready to move up to sandbox. I'd also like to see restrictions on the branding/marketing of "CNCF Project" at this level. A potential alternative might be "Cloud Native Inception Project" or something along those lines.


> Another would be to rework the process & documentation; e.g.
> Incubation had distinct requirement docs which TAGs copied together
> and deduplicated back during the DD trials.

+1 to firming up requirements/docs. While I think there needs to be some room for TOC discretion, I think being more explicit with requirements will help reduce the toil involved with the DD process.


I have a slew more thoughts, but this subject might be a good discussion during a TOC meeting :)

- Bob



On Thu, May 5, 2022 at 7:38 AM Richard Hartmann <richih@...> wrote:
Replying top-level as my thoughts jump across the thread.


I didn't run the numbers, yet I believe that the pace of submissions
has picked up. That alone can increase backlog.

We tried SIGs (now TAGs) doing due diligence for projects. The level
of scrutiny, and the closeness to the guidance material available, was
different across TAGs. In effect, this meant inconsistent processes
which is arguably unfair. And in cases of disagreements, TOC is pulled
in automatically anyway.
A clear delegation from TOC might be possible, yet project advancement
is one of the main tasks of TOC and arguably what votees expect TOC to
do. In any case, it does change any of the underlying desires.

What TAGs could provide is an initial proving ground, though: Projects
could give a presentation and go through questions and feedback in a
more limited scope, allowing them to polish their submittal.


While I know that the current sandbox process is designed to be very
low barrier, I am still not convinced that this is an obviously
desirable design goal. It is true that a neutral playing field is good
and helps some projects grow. It is also true that "CNCF project"
holds immense marketing value and many efforts are ephemeral, in
particular if largely driven by perf & marketing.
Back when sandbox criteria were relaxed, I was of the opinion that
they should remain more stringent. I have come to wonder if four
levels wouldn't be more appropriate: An initial runway on which
projects can be put; but also pruned more aggressively if they do not
show growth/adoption/the usual. E.g. once submitted they have three?
six? twelve? months to show certain progress or are removed outright.
Medium term, this might also allow for a smaller jump towards
Incubating, which is currently significant.


Orthogonally, I believe we can manage expectations better. One
possible approach would be to create dashboards and reports of the
underlying data to help manage expectations and keep ourselves honest.
What are the average and median times a project takes from stage X to
stage Y? How has this changed over time?
Another would be to rework the process & documentation; e.g.
Incubation had distinct requirement docs which TAGs copied together
and deduplicated back during the DD trials.



Having seen things from both sides now, and since CNCF started, I can
understand both the frustrations about some timelines better and also
understand how a few dedicated people are trying to do their best with
the time they have. On all sides.


Best,
Richard






Re: Sandbox process needs to evolve to support cross industry collaboation

Bob Killen
 

I agree on quite a few points :)  Replying in line with some thoughts

> We tried SIGs (now TAGs) doing due diligence for projects. The level
> of scrutiny, and the closeness to the guidance material available, was
> different across TAGs. In effect, this meant inconsistent processes
> which is arguably unfair. And in cases of disagreements, TOC is pulled
> in automatically anyway.

The TOC is the approval body and should be involved in DD, but I do think delegating portions of it to the TAGs is still a good idea and could play a large role in scaling the process. If there have been issues with varying levels of scrutiny in the past, this could be a mentorship and/or documentation opportunity. Think "ride-alongs" for reviewing DD, calling out what to look for, etc.  I also don't necessarily want to volunteer them, but TAG Contributor Strategy would be an excellent resource to pull in to review areas of governance and community health.

> What TAGs could provide is an initial proving ground, though: Projects
> could give a presentation and go through questions and feedback in a
> more limited scope, allowing them to polish their submittal.

+1 to involving them early, an initial consult would likely help with firming up applications before applying to Sandbox.

> While I know that the current sandbox process is designed to be very
> low barrier, I am still not convinced that this is an obviously
> desirable design goal. It is true that a neutral playing field is good
> and helps some projects grow. It is also true that "CNCF project"
> holds immense marketing value and many efforts are ephemeral, in
> particular if largely driven by perf & marketing.
> Back when sandbox criteria were relaxed, I was of the opinion that
> they should remain more stringent.

I have held the same opinion - I thought they should, to a degree, remain more stringent. While Sandbox does not have any formal marketing support from the CNCF, that doesn't mean companies or other groups can't market them as a "CNCF Project." Smaller or independent projects that might not have those sorts of resources will have a harder time climbing the ladder.

> I have come to wonder if four
> levels wouldn't be more appropriate: An initial runway on which
> projects can be put; but also pruned more aggressively if they do not
> show growth/adoption/the usual. E.g. once submitted they have three?
> six? twelve? months to show certain progress or are removed outright.

I was literally talking with a co-worker about this thought yesterday as a potential idea :)
I don't know if it's the answer, but I do really like the idea of a timebox with explicit criteria for exiting. It should not require a deep dive into the project to determine if they are ready to move up to sandbox. I'd also like to see restrictions on the branding/marketing of "CNCF Project" at this level. A potential alternative might be "Cloud Native Inception Project" or something along those lines.


> Another would be to rework the process & documentation; e.g.
> Incubation had distinct requirement docs which TAGs copied together
> and deduplicated back during the DD trials.

+1 to firming up requirements/docs. While I think there needs to be some room for TOC discretion, I think being more explicit with requirements will help reduce the toil involved with the DD process.


I have a slew more thoughts, but this subject might be a good discussion during a TOC meeting :)

- Bob



On Thu, May 5, 2022 at 7:38 AM Richard Hartmann <richih@...> wrote:
Replying top-level as my thoughts jump across the thread.


I didn't run the numbers, yet I believe that the pace of submissions
has picked up. That alone can increase backlog.

We tried SIGs (now TAGs) doing due diligence for projects. The level
of scrutiny, and the closeness to the guidance material available, was
different across TAGs. In effect, this meant inconsistent processes
which is arguably unfair. And in cases of disagreements, TOC is pulled
in automatically anyway.
A clear delegation from TOC might be possible, yet project advancement
is one of the main tasks of TOC and arguably what votees expect TOC to
do. In any case, it does change any of the underlying desires.

What TAGs could provide is an initial proving ground, though: Projects
could give a presentation and go through questions and feedback in a
more limited scope, allowing them to polish their submittal.


While I know that the current sandbox process is designed to be very
low barrier, I am still not convinced that this is an obviously
desirable design goal. It is true that a neutral playing field is good
and helps some projects grow. It is also true that "CNCF project"
holds immense marketing value and many efforts are ephemeral, in
particular if largely driven by perf & marketing.
Back when sandbox criteria were relaxed, I was of the opinion that
they should remain more stringent. I have come to wonder if four
levels wouldn't be more appropriate: An initial runway on which
projects can be put; but also pruned more aggressively if they do not
show growth/adoption/the usual. E.g. once submitted they have three?
six? twelve? months to show certain progress or are removed outright.
Medium term, this might also allow for a smaller jump towards
Incubating, which is currently significant.


Orthogonally, I believe we can manage expectations better. One
possible approach would be to create dashboards and reports of the
underlying data to help manage expectations and keep ourselves honest.
What are the average and median times a project takes from stage X to
stage Y? How has this changed over time?
Another would be to rework the process & documentation; e.g.
Incubation had distinct requirement docs which TAGs copied together
and deduplicated back during the DD trials.



Having seen things from both sides now, and since CNCF started, I can
understand both the frustrations about some timelines better and also
understand how a few dedicated people are trying to do their best with
the time they have. On all sides.


Best,
Richard






Re: Sandbox process needs to evolve to support cross industry collaboation

Richard Hartmann
 

On Thu, May 5, 2022 at 3:57 PM Alexis Richardson <alexis@weave.works> wrote:

Richard how would you formalise this?
Which parts, specifically? I think we need consensus on a direction
before we, potentially, start new/updating processes.


The goal, IMO, is to reduce the subjective judgment on entry to sandbox, and increase the quantitative aspects
Agreed. At the same time, we need to take Goodhart's law[1] into
account. A more quantitative approach to inform project progression is
an obvious target for project optimization. At the same time, a more
quantitative tally of TOC's input and work would help make processes
more transparent and thus predictable.

Put differently, I am not convinced that we can optimize human
judgement away and would rather try to optimize on the side of
transparent processes.


Best,
Richard


[1] https://en.wikipedia.org/wiki/Goodhart%27s_law


Re: Sandbox process needs to evolve to support cross industry collaboation

alexis richardson
 

Richard how would you formalise this?  The goal, IMO, is to reduce the subjective judgment on entry to sandbox, and increase the quantitative aspects


On Thu, 5 May 2022, 13:38 Richard Hartmann, <richih@...> wrote:
Replying top-level as my thoughts jump across the thread.


I didn't run the numbers, yet I believe that the pace of submissions
has picked up. That alone can increase backlog.

We tried SIGs (now TAGs) doing due diligence for projects. The level
of scrutiny, and the closeness to the guidance material available, was
different across TAGs. In effect, this meant inconsistent processes
which is arguably unfair. And in cases of disagreements, TOC is pulled
in automatically anyway.
A clear delegation from TOC might be possible, yet project advancement
is one of the main tasks of TOC and arguably what votees expect TOC to
do. In any case, it does change any of the underlying desires.

What TAGs could provide is an initial proving ground, though: Projects
could give a presentation and go through questions and feedback in a
more limited scope, allowing them to polish their submittal.


While I know that the current sandbox process is designed to be very
low barrier, I am still not convinced that this is an obviously
desirable design goal. It is true that a neutral playing field is good
and helps some projects grow. It is also true that "CNCF project"
holds immense marketing value and many efforts are ephemeral, in
particular if largely driven by perf & marketing.
Back when sandbox criteria were relaxed, I was of the opinion that
they should remain more stringent. I have come to wonder if four
levels wouldn't be more appropriate: An initial runway on which
projects can be put; but also pruned more aggressively if they do not
show growth/adoption/the usual. E.g. once submitted they have three?
six? twelve? months to show certain progress or are removed outright.
Medium term, this might also allow for a smaller jump towards
Incubating, which is currently significant.


Orthogonally, I believe we can manage expectations better. One
possible approach would be to create dashboards and reports of the
underlying data to help manage expectations and keep ourselves honest.
What are the average and median times a project takes from stage X to
stage Y? How has this changed over time?
Another would be to rework the process & documentation; e.g.
Incubation had distinct requirement docs which TAGs copied together
and deduplicated back during the DD trials.



Having seen things from both sides now, and since CNCF started, I can
understand both the frustrations about some timelines better and also
understand how a few dedicated people are trying to do their best with
the time they have. On all sides.


Best,
Richard






Re: Sandbox process needs to evolve to support cross industry collaboation

Richard Hartmann
 

Replying top-level as my thoughts jump across the thread.


I didn't run the numbers, yet I believe that the pace of submissions
has picked up. That alone can increase backlog.

We tried SIGs (now TAGs) doing due diligence for projects. The level
of scrutiny, and the closeness to the guidance material available, was
different across TAGs. In effect, this meant inconsistent processes
which is arguably unfair. And in cases of disagreements, TOC is pulled
in automatically anyway.
A clear delegation from TOC might be possible, yet project advancement
is one of the main tasks of TOC and arguably what votees expect TOC to
do. In any case, it does change any of the underlying desires.

What TAGs could provide is an initial proving ground, though: Projects
could give a presentation and go through questions and feedback in a
more limited scope, allowing them to polish their submittal.


While I know that the current sandbox process is designed to be very
low barrier, I am still not convinced that this is an obviously
desirable design goal. It is true that a neutral playing field is good
and helps some projects grow. It is also true that "CNCF project"
holds immense marketing value and many efforts are ephemeral, in
particular if largely driven by perf & marketing.
Back when sandbox criteria were relaxed, I was of the opinion that
they should remain more stringent. I have come to wonder if four
levels wouldn't be more appropriate: An initial runway on which
projects can be put; but also pruned more aggressively if they do not
show growth/adoption/the usual. E.g. once submitted they have three?
six? twelve? months to show certain progress or are removed outright.
Medium term, this might also allow for a smaller jump towards
Incubating, which is currently significant.


Orthogonally, I believe we can manage expectations better. One
possible approach would be to create dashboards and reports of the
underlying data to help manage expectations and keep ourselves honest.
What are the average and median times a project takes from stage X to
stage Y? How has this changed over time?
Another would be to rework the process & documentation; e.g.
Incubation had distinct requirement docs which TAGs copied together
and deduplicated back during the DD trials.



Having seen things from both sides now, and since CNCF started, I can
understand both the frustrations about some timelines better and also
understand how a few dedicated people are trying to do their best with
the time they have. On all sides.


Best,
Richard


Re: LFX Mentorship '22 Summer Semester

Nate Waddington
 

Hello everyone!

Just a reminder that the cutoff for making project proposals is May 8th!

This is a great opportunity to have a paid mentee help with your projects.



Cheers,
Nate

On Apr 25, 2022, at 5:31 PM, Nate Waddington <nwaddington@...> wrote:

Hello everyone!

The LFX Mentorship '22 Summer semester is open now open for project ideas: https://github.com/cncf/mentoring/tree/main/lfx-mentorship/2022/02-Summer 

We have compressed the administration schedule to work around the LF All hands and KubeCon events this year. The semester is the same length as it has been in previous years.

Project submission and application timeline:
  • mentorships available on LFX Mentorship: May 8th, 2021
  • applications open: May 9th - May 24th (2 weeks)
  • application review/admission decisions/HR paperwork: May 25th - May 31st

We're looking forward to seeing all the project ideas you're interested in working on over the summer!


Cheers,
Nate


Re: Kyverno incubation public comment period

Maulik Shyani
 

+ 1 NB 

On Tue, May 3, 2022 at 10:32 AM Chris Short via lists.cncf.io <cbshort=amazon.com@...> wrote:
+1 NB

Chris Short
He/Him/His
Sr. Developer Advocate, AWS Kubernetes (GitOps)
TZ=America/Detroit

On Apr 26, 2022, at 22:54, Rahul Jadhav <r@...> wrote:

CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you can confirm the sender and know the content is safe.


+1 NB


On Tue, Apr 26, 2022 at 4:56 PM Davanum Srinivas <davanum@...> wrote:
Hi Folks,

Kyverno has applied to move from sandbox to incubation. As the TOC sponsor, thanks to everyone for their work.

PR: https://github.com/cncf/toc/pull/784
DD: https://docs.google.com/document/d/18dWgOd2MUQz3RXI1R9vKntL3ULyZhOD1HEtijGOeaWg/edit?usp=sharing

Everyone is welcome to comment in the document, on the PR, or in reply to this thread, before we move to a TOC vote. This period of public comment will last a minimum of two weeks.

Thanks,
Dims
-- 
Davanum Srinivas :: https://twitter.com/dims





--

Thanks and Regards,

Maulik Shyani
CEO
408.480.8501


21 - 40 of 6983