+1 NB, excited to see this - we have been using both widely in Istio.

Best,

Lin

On Aug 5, 2022, at 11:37 AM, Nicolas Vermandé <vfiftyfive@...> wrote:

+1 NB, great to see this evolution!

On Fri, Aug 5, 2022 at 4:22 PM Joe Beda <joe@...> wrote:

Sorry for being late to the party here.

+1 NB

Clearly I’m biased here because I helped get SPIFFE going. But I think this is a critical part of our emerging cloud native toolkit and I’m excited but he progress that the project has made thus far and where it is going.

I’m particularly happy with the split between SPIFFE and SPIRE. In the recent PR to update the TOC principles (https://github.com/cncf/toc/pull/886/) I think that this really embodies the principle of “Promote interfaces and defacto implementations over standards for real world use.” The ability for interoperability through SPIFFE and federation through SPIRE is a powerful combination that will only get more powerful over time.

Joe

On Tue, Jul 26, 2022 at 9:28 AM Emily Fox <themoxiefoxatwork@...> wrote:

Community,

Both the SPIFFE and SPIRE projects have applied to move from incubation to graduation. As the TOC sponsors, Justin Cormack and I would like to thank everyone for their work and patience in bringing both projects to this exciting point.

PR: https://github.com/cncf/toc/pull/778
DD: https://docs.google.com/document/d/1u6ipO6Wr06zQzOUjU92cyX1mKx8Xn9QBXkSqHugQv8Q/edit?usp=sharing
Adopter Interviews: Many interviews were done previously, two additional interviews were conducted anonymously and included in the DD below the existing user stories where previous interviews are captured.


Everyone is welcome to comment in the document, on the PR, or in reply to this thread, before we move to a TOC vote. This period of public comment will last a minimum of two weeks closing on AUG 9 2022.

Thank you.

~Emily Fox

-- 
Cheers,
Nic

very cool, thank you for doing this!  +1

On Fri, Aug 5, 2022 at 4:06 PM Davanum Srinivas <davanum@...> wrote:
>
> Folks,
>
> Please review the new language here[1] which is part of the PR here [2].
>
> We'll merge the PR next friday Aug 12th.
>
> thanks,
> Dims
>
> [1] https://github.com/cncf/toc/blob/04def8d0fd4755fb409e8d0761ea595d58229dc9/PRINCIPLES.md
> [2] https://github.com/cncf/toc/pull/886/
>
> --
> Davanum Srinivas :: https://twitter.com/dims
>

Community,
  
Both the SPIFFE and SPIRE projects have applied to move from incubation to graduation. As the TOC sponsors, Justin Cormack and I would like to thank everyone for their work and patience in bringing both projects to this exciting point.

• PR: https://github.com/cncf/toc/pull/778
• DD: https://docs.google.com/document/d/1u6ipO6Wr06zQzOUjU92cyX1mKx8Xn9QBXkSqHugQv8Q/edit?usp=sharing
• Adopter Interviews: Many interviews were done previously, two additional interviews were conducted anonymously and included in the DD below the existing user stories where previous interviews are captured.

Everyone is welcome to comment in the document, on the PR, or in reply to this thread, before we move to a TOC vote. This period of public comment will last a minimum of two weeks closing on AUG 9 2022.

Thank you.

~Emily Fox

+1 binding

I’m concerned about the BDFL-like governance and would like to see some work towards moving away from that in the next year. Though, overall, this looks great and I support moving on to incubation. 

~Dave

On Jul 19, 2022, at 11:00 PM, Matt Farina <matt@...> wrote:



+1 binding

On Tue, Jul 12, 2022, at 6:19 PM, Amye Scavarda Perrin wrote:

Cloud Custodian has applied to move to the incubation level.

PR: https://github.com/cncf/toc/pull/644

DD: https://docs.google.com/document/d/1k_YAFUwF87E7YT-yUUTKU1OsXUk2MlCxJBYdJTr4LCw/edit?usp=sharing

Ricardo Rocha is the TOC sponsor for this project, has called for public comment and has approved a call for a public vote. (https://lists.cncf.io/g/cncf-toc/message/7180)

Please vote (+1/0/-1) by replying to this thread.

Remember that the TOC has binding votes only, but we do appreciate non-binding votes from the community as a sign of support!

--

Amye Scavarda Perrin | Director of Developer Programs, CNCF | amye@...

Hi Dave,

Improving affiliation diversity has been a goal for us for this year. We've recently merged another maintainer: https://github.com/cloud-custodian/cloud-custodian/commit/d5a3010e02e105bf3d29520682b768d8534b32f9 and hoping to continue to train up folks to take on more responsibility if they so choose. I've taken a work item to detail more on our efforts in our next annual review report to surface more of this. 

As for the governance model there is a draft here : https://github.com/cloud-custodian/cloud-custodian/issues/7149

Hopefully no surprises on that one since it's strikingly similar to other CNCF projects on purpose. :) 

On Jul 25 2022, at 4:25 am, Dave Zolotusky via lists.cncf.io <dzolo=spotify.com@...> wrote:

+1 binding

I’m concerned about the BDFL-like governance and would like to see some work towards moving away from that in the next year. Though, overall, this looks great and I support moving on to incubation. 

~Dave

On Jul 19, 2022, at 11:00 PM, Matt Farina <matt@...> wrote:



+1 binding

On Tue, Jul 12, 2022, at 6:19 PM, Amye Scavarda Perrin wrote:

Cloud Custodian has applied to move to the incubation level.

PR: https://github.com/cncf/toc/pull/644

DD: https://docs.google.com/document/d/1k_YAFUwF87E7YT-yUUTKU1OsXUk2MlCxJBYdJTr4LCw/edit?usp=sharing

Ricardo Rocha is the TOC sponsor for this project, has called for public comment and has approved a call for a public vote. (https://lists.cncf.io/g/cncf-toc/message/7180)

Please vote (+1/0/-1) by replying to this thread.

Remember that the TOC has binding votes only, but we do appreciate non-binding votes from the community as a sign of support!

--

Amye Scavarda Perrin | Director of Developer Programs, CNCF | amye@...

Members of the TOC

 

A little over a year ago, Argo applied to move to graduated status [0] and we have since diligently worked our way through the process, addressing comments and concerns that have been brought up. 

As per our sponsor’s (dims) request, I’m writing to let you know that the due diligence document [1] has been updated with responses to the questions raised and overall project progress thus far.  

 

Quick summary and highlights follow below. Further details and links are available in the DD document itself. 

 

Looking forward to continuing the process with our sponsors and the TOC.  

 

Community 

Though we already had a large and vibrant community a year ago, the growth since then has been outstanding and we have seen an influx of maintainers, contributors, users and vendors. 

• 350+ self-reported enterprise users. (Though we know that the actual number is significantly higher) 

• Multiple vendors with commercial platforms based on one or more Argo projects

• 40 maintainers from 11 companies + two independent

 

Growth

• One of the highest velocity (behind OpenTelemetry and K8s) and most adopted project with over 50% in prod or eval based on the last CNCF annual study

• ~25000 GitHub stars, up ~ 75% in just over a year. 

 

Security

This was one of the areas pointed out as needing more attention, and over the last year, we have targeted resolving tactical concerns and issues, as well as setting up and strengthening strategic processes and programs that will ensure a long-term focus on security.

• Completed two external security audits, one with Trail of Bits and one with Ada Logic, with recommendations and fixes implemented by the project. 

• Implemented 50+ fuzzers that now run as part of our upstream processes

• Enrolled and participate in the Internet Bug Bounty program to encourage external reviews and vetting

• Established an Argo Security SIG with regular meetings to discuss and address security strategy and current issues. 

• Solidified internal processes around triaging of incoming vulnerabilities and updated external guides on how to report issues

• More maintainers and contributors focused on security, leading to several self-discovered CVEs and other fixes

• Completed self-assessments with CNCF Security TAG. Joint review is on-going. 

 

Project Governance

• Refined voting and governance procedures, better aligned with other graduated CNCF projects to ensure project diversity and longevity.

• Established guidelines for creation and membership in Argo project SIGs such as SIG Security and SIG Marketing.

 

Argo project

 

[0] https://github.com/cncf/toc/pull/604

[1] https://docs.google.com/document/d/1R4WjMG9s9JX8onZvOzEFSjBBFAInurN8tSiAFLqj-FE/edit#heading=h.kd4eg2uz3lt0

 

Cloud Custodian has applied to move to the incubation level.

PR: https://github.com/cncf/toc/pull/644
DD: https://docs.google.com/document/d/1k_YAFUwF87E7YT-yUUTKU1OsXUk2MlCxJBYdJTr4LCw/edit?usp=sharing

Ricardo Rocha is the TOC sponsor for this project, has called for public comment and has approved a call for a public vote. (https://lists.cncf.io/g/cncf-toc/message/7180)

Please vote (+1/0/-1) by replying to this thread.

Remember that the TOC has binding votes only, but we do appreciate non-binding votes from the community as a sign of support!

--

Amye Scavarda Perrin | Director of Developer Programs, CNCF | amye@...

This is the official vote to approve the Mentoring Working Group for TAG Contributor Strategy. 

PR: https://github.com/cncf/tag-contributor-strategy/pull/188

Charter: https://github.com/cncf/tag-contributor-strategy/pull/188/files 

Please vote (+1/0/-1) by replying to this thread.

Remember that the TOC has binding votes only, but we do appreciate non-binding votes from the community as a sign of support!

--

Amye Scavarda Perrin | Director of Developer Programs, CNCF | amye@...

This is the official vote to approve the Mentoring Working Group for TAG Contributor Strategy. 

PR: https://github.com/cncf/tag-contributor-strategy/pull/188

Charter: https://github.com/cncf/tag-contributor-strategy/pull/188/files 

Please vote (+1/0/-1) by replying to this thread.

Remember that the TOC has binding votes only, but we do appreciate non-binding votes from the community as a sign of support!

--

Amye Scavarda Perrin | Director of Developer Programs, CNCF | amye@...

Community,
  
Both the SPIFFE and SPIRE projects have applied to move from incubation to graduation. As the TOC sponsors, Justin Cormack and I would like to thank everyone for their work and patience in bringing both projects to this exciting point.

• PR: https://github.com/cncf/toc/pull/778
• DD: https://docs.google.com/document/d/1u6ipO6Wr06zQzOUjU92cyX1mKx8Xn9QBXkSqHugQv8Q/edit?usp=sharing
• Adopter Interviews: Many interviews were done previously, two additional interviews were conducted anonymously and included in the DD below the existing user stories where previous interviews are captured.

Everyone is welcome to comment in the document, on the PR, or in reply to this thread, before we move to a TOC vote. This period of public comment will last a minimum of two weeks closing on AUG 9 2022.

Thank you.

~Emily Fox