Date   

Re: SPIFFE and SPIRE for Graduation: Public Comment Period thru AUG 9 2022

Frederick Kautz
 

+1 NB. Very excited to see this progress!

On Sun, Aug 7, 2022 at 7:00 PM Lin Sun via lists.cncf.io <linsun_unc=yahoo.com@...> wrote:
+1 NB, excited to see this - we have been using both widely in Istio.

Best,

Lin

On Aug 5, 2022, at 11:37 AM, Nicolas Vermandé <vfiftyfive@...> wrote:

+1 NB, great to see this evolution!

On Fri, Aug 5, 2022 at 4:22 PM Joe Beda <joe@...> wrote:

Sorry for being late to the party here.

+1 NB

Clearly I’m biased here because I helped get SPIFFE going. But I think this is a critical part of our emerging cloud native toolkit and I’m excited but he progress that the project has made thus far and where it is going.

I’m particularly happy with the split between SPIFFE and SPIRE. In the recent PR to update the TOC principles (https://github.com/cncf/toc/pull/886/) I think that this really embodies the principle of “Promote interfaces and defacto implementations over standards for real world use.” The ability for interoperability through SPIFFE and federation through SPIRE is a powerful combination that will only get more powerful over time.

Joe

On Tue, Jul 26, 2022 at 9:28 AM Emily Fox <themoxiefoxatwork@...> wrote:

Community,

Both the SPIFFE and SPIRE projects have applied to move from incubation to graduation. As the TOC sponsors, Justin Cormack and I would like to thank everyone for their work and patience in bringing both projects to this exciting point.

PR: https://github.com/cncf/toc/pull/778
DD: https://docs.google.com/document/d/1u6ipO6Wr06zQzOUjU92cyX1mKx8Xn9QBXkSqHugQv8Q/edit?usp=sharing
Adopter Interviews: Many interviews were done previously, two additional interviews were conducted anonymously and included in the DD below the existing user stories where previous interviews are captured.


Everyone is welcome to comment in the document, on the PR, or in reply to this thread, before we move to a TOC vote. This period of public comment will last a minimum of two weeks closing on AUG 9 2022.

Thank you.

~Emily Fox





-- 
Cheers,
Nic




Re: SPIFFE and SPIRE for Graduation: Public Comment Period thru AUG 9 2022

Lin Sun
 

+1 NB, excited to see this - we have been using both widely in Istio.

Best,

Lin

On Aug 5, 2022, at 11:37 AM, Nicolas Vermandé <vfiftyfive@...> wrote:

+1 NB, great to see this evolution!

On Fri, Aug 5, 2022 at 4:22 PM Joe Beda <joe@...> wrote:

Sorry for being late to the party here.

+1 NB

Clearly I’m biased here because I helped get SPIFFE going. But I think this is a critical part of our emerging cloud native toolkit and I’m excited but he progress that the project has made thus far and where it is going.

I’m particularly happy with the split between SPIFFE and SPIRE. In the recent PR to update the TOC principles (https://github.com/cncf/toc/pull/886/) I think that this really embodies the principle of “Promote interfaces and defacto implementations over standards for real world use.” The ability for interoperability through SPIFFE and federation through SPIRE is a powerful combination that will only get more powerful over time.

Joe

On Tue, Jul 26, 2022 at 9:28 AM Emily Fox <themoxiefoxatwork@...> wrote:

Community,

Both the SPIFFE and SPIRE projects have applied to move from incubation to graduation. As the TOC sponsors, Justin Cormack and I would like to thank everyone for their work and patience in bringing both projects to this exciting point.

PR: https://github.com/cncf/toc/pull/778
DD: https://docs.google.com/document/d/1u6ipO6Wr06zQzOUjU92cyX1mKx8Xn9QBXkSqHugQv8Q/edit?usp=sharing
Adopter Interviews: Many interviews were done previously, two additional interviews were conducted anonymously and included in the DD below the existing user stories where previous interviews are captured.


Everyone is welcome to comment in the document, on the PR, or in reply to this thread, before we move to a TOC vote. This period of public comment will last a minimum of two weeks closing on AUG 9 2022.

Thank you.

~Emily Fox





-- 
Cheers,
Nic




Re: Updates to Principles.md in cncf/toc repo

Liz Rice
 

LGTM! 

On Fri, 5 Aug 2022 at 16:10, alexis richardson <alexis@...> wrote:
very cool, thank you for doing this!  +1

On Fri, Aug 5, 2022 at 4:06 PM Davanum Srinivas <davanum@...> wrote:
>
> Folks,
>
> Please review the new language here[1] which is part of the PR here [2].
>
> We'll merge the PR next friday Aug 12th.
>
> thanks,
> Dims
>
> [1] https://github.com/cncf/toc/blob/04def8d0fd4755fb409e8d0761ea595d58229dc9/PRINCIPLES.md
> [2] https://github.com/cncf/toc/pull/886/
>
> --
> Davanum Srinivas :: https://twitter.com/dims
>






Re: SPIFFE and SPIRE for Graduation: Public Comment Period thru AUG 9 2022

Nicolas Vermandé
 

+1 NB, great to see this evolution!

On Fri, Aug 5, 2022 at 4:22 PM Joe Beda <joe@...> wrote:

Sorry for being late to the party here.

+1 NB

Clearly I’m biased here because I helped get SPIFFE going. But I think this is a critical part of our emerging cloud native toolkit and I’m excited but he progress that the project has made thus far and where it is going.

I’m particularly happy with the split between SPIFFE and SPIRE. In the recent PR to update the TOC principles (https://github.com/cncf/toc/pull/886/) I think that this really embodies the principle of “Promote interfaces and defacto implementations over standards for real world use.” The ability for interoperability through SPIFFE and federation through SPIRE is a powerful combination that will only get more powerful over time.

Joe

On Tue, Jul 26, 2022 at 9:28 AM Emily Fox <themoxiefoxatwork@...> wrote:

Community,

Both the SPIFFE and SPIRE projects have applied to move from incubation to graduation. As the TOC sponsors, Justin Cormack and I would like to thank everyone for their work and patience in bringing both projects to this exciting point.

PR: https://github.com/cncf/toc/pull/778
DD: https://docs.google.com/document/d/1u6ipO6Wr06zQzOUjU92cyX1mKx8Xn9QBXkSqHugQv8Q/edit?usp=sharing
Adopter Interviews: Many interviews were done previously, two additional interviews were conducted anonymously and included in the DD below the existing user stories where previous interviews are captured.


Everyone is welcome to comment in the document, on the PR, or in reply to this thread, before we move to a TOC vote. This period of public comment will last a minimum of two weeks closing on AUG 9 2022.

Thank you.

~Emily Fox
--
Cheers,
Nic


Re: SPIFFE and SPIRE for Graduation: Public Comment Period thru AUG 9 2022

Joe Beda
 

Sorry for being late to the party here.

+1 NB

Clearly I’m biased here because I helped get SPIFFE going.  But I think this is a critical part of our emerging cloud native toolkit and I’m excited but he progress that the project has made thus far and where it is going.

I’m particularly happy with the split between SPIFFE and SPIRE.  In the recent PR to update the TOC principles (https://github.com/cncf/toc/pull/886/) I think that this really embodies the principle of “Promote interfaces and defacto implementations over standards for real world use.”  The ability for interoperability through SPIFFE and federation through SPIRE is a powerful combination that will only get more powerful over time.

Joe

On Tue, Jul 26, 2022 at 9:28 AM Emily Fox <themoxiefoxatwork@...> wrote:
Community,
  
Both the SPIFFE and SPIRE projects have applied to move from incubation to graduation. As the TOC sponsors, Justin Cormack and I would like to thank everyone for their work and patience in bringing both projects to this exciting point.

Everyone is welcome to comment in the document, on the PR, or in reply to this thread, before we move to a TOC vote. This period of public comment will last a minimum of two weeks closing on AUG 9 2022.

Thank you.

~Emily Fox


Re: Updates to Principles.md in cncf/toc repo

alexis richardson
 

very cool, thank you for doing this! +1

On Fri, Aug 5, 2022 at 4:06 PM Davanum Srinivas <davanum@...> wrote:

Folks,

Please review the new language here[1] which is part of the PR here [2].

We'll merge the PR next friday Aug 12th.

thanks,
Dims

[1] https://github.com/cncf/toc/blob/04def8d0fd4755fb409e8d0761ea595d58229dc9/PRINCIPLES.md
[2] https://github.com/cncf/toc/pull/886/

--
Davanum Srinivas :: https://twitter.com/dims


Updates to Principles.md in cncf/toc repo

Davanum Srinivas
 

Folks,

Please review the new language here[1] which is part of the PR here [2]. 

We'll merge the PR next friday Aug 12th.

thanks,
Dims


Re: [VOTE] Cloud Custodian for incubation

Erin Boyd
 

+1 binding

On Mon, Jul 25, 2022 at 2:29 AM Dave Zolotusky via lists.cncf.io <dzolo=spotify.com@...> wrote:
+1 binding

I’m concerned about the BDFL-like governance and would like to see some work towards moving away from that in the next year. Though, overall, this looks great and I support moving on to incubation. 

~Dave

On Jul 19, 2022, at 11:00 PM, Matt Farina <matt@...> wrote:


+1 binding

On Tue, Jul 12, 2022, at 6:19 PM, Amye Scavarda Perrin wrote:
Cloud Custodian has applied to move to the incubation level.


Ricardo Rocha is the TOC sponsor for this project, has called for public comment and has approved a call for a public vote. (https://lists.cncf.io/g/cncf-toc/message/7180)

Please vote (+1/0/-1) by replying to this thread.

Remember that the TOC has binding votes only, but we do appreciate non-binding votes from the community as a sign of support!
--
Amye Scavarda Perrin | Director of Developer Programs, CNCF | amye@...



--

Erin A. Boyd

Director of Emerging Technologies OCTO

Distinguished Engineer

Red Hat

eboyd@...   


Re: [VOTE] Cloud Custodian for incubation

Dave Zolotusky
 

Thanks Jorge,

Sorry for the slow response.

This probably isn't the right thread to go deeper into this conversation, but this looks like great progress towards a more open governance model. It looks like the right things are happening here.

On Tue, Jul 26, 2022 at 12:09 PM Jorge Castro <jorge@...> wrote:
Hi Dave,

Improving affiliation diversity has been a goal for us for this year. We've recently merged another maintainer: https://github.com/cloud-custodian/cloud-custodian/commit/d5a3010e02e105bf3d29520682b768d8534b32f9 and hoping to continue to train up folks to take on more responsibility if they so choose. I've taken a work item to detail more on our efforts in our next annual review report to surface more of this. 

As for the governance model there is a draft here : https://github.com/cloud-custodian/cloud-custodian/issues/7149
Hopefully no surprises on that one since it's strikingly similar to other CNCF projects on purpose. :) 

On Jul 25 2022, at 4:25 am, Dave Zolotusky via lists.cncf.io <dzolo=spotify.com@...> wrote:
+1 binding

I’m concerned about the BDFL-like governance and would like to see some work towards moving away from that in the next year. Though, overall, this looks great and I support moving on to incubation. 

~Dave

On Jul 19, 2022, at 11:00 PM, Matt Farina <matt@...> wrote:


+1 binding

On Tue, Jul 12, 2022, at 6:19 PM, Amye Scavarda Perrin wrote:
Cloud Custodian has applied to move to the incubation level.


Ricardo Rocha is the TOC sponsor for this project, has called for public comment and has approved a call for a public vote. (https://lists.cncf.io/g/cncf-toc/message/7180)

Please vote (+1/0/-1) by replying to this thread.

Remember that the TOC has binding votes only, but we do appreciate non-binding votes from the community as a sign of support!
--
Amye Scavarda Perrin | Director of Developer Programs, CNCF | amye@...


--
~Dave


Re: Argo graduation progress

Davanum Srinivas
 

Thanks Henrik!

For the record, Lei Zhang and Cathy Zhang from the TOC are the Sponsors for Argo now and will continue the DD process etc.

-- Dims


On Wed, Aug 3, 2022 at 1:51 PM Blixt, Henrik via lists.cncf.io <henrik_blixt=intuit.com@...> wrote:

Members of the TOC

 

A little over a year ago, Argo applied to move to graduated status [0] and we have since diligently worked our way through the process, addressing comments and concerns that have been brought up. 

As per our sponsor’s (dims) request, I’m writing to let you know that the due diligence document [1] has been updated with responses to the questions raised and overall project progress thus far.  

 

Quick summary and highlights follow below. Further details and links are available in the DD document itself. 

 

Looking forward to continuing the process with our sponsors and the TOC.  

 

Community 

Though we already had a large and vibrant community a year ago, the growth since then has been outstanding and we have seen an influx of maintainers, contributors, users and vendors. 

• 350+ self-reported enterprise users. (Though we know that the actual number is significantly higher) 

• Multiple vendors with commercial platforms based on one or more Argo projects

• 40 maintainers from 11 companies + two independent

 

Growth

• One of the highest velocity (behind OpenTelemetry and K8s) and most adopted project with over 50% in prod or eval based on the last CNCF annual study

• ~25000 GitHub stars, up ~ 75% in just over a year. 

 

Security

This was one of the areas pointed out as needing more attention, and over the last year, we have targeted resolving tactical concerns and issues, as well as setting up and strengthening strategic processes and programs that will ensure a long-term focus on security.

• Completed two external security audits, one with Trail of Bits and one with Ada Logic, with recommendations and fixes implemented by the project. 

• Implemented 50+ fuzzers that now run as part of our upstream processes

• Enrolled and participate in the Internet Bug Bounty program to encourage external reviews and vetting

• Established an Argo Security SIG with regular meetings to discuss and address security strategy and current issues. 

• Solidified internal processes around triaging of incoming vulnerabilities and updated external guides on how to report issues

• More maintainers and contributors focused on security, leading to several self-discovered CVEs and other fixes

• Completed self-assessments with CNCF Security TAG. Joint review is on-going. 

 

Project Governance

• Refined voting and governance procedures, better aligned with other graduated CNCF projects to ensure project diversity and longevity.

• Established guidelines for creation and membership in Argo project SIGs such as SIG Security and SIG Marketing.

 

Argo project

 

[0] https://github.com/cncf/toc/pull/604

[1] https://docs.google.com/document/d/1R4WjMG9s9JX8onZvOzEFSjBBFAInurN8tSiAFLqj-FE/edit#heading=h.kd4eg2uz3lt0

 



--
Davanum Srinivas :: https://twitter.com/dims


LFX Mentorship '22 term 03-Sept-Nov

Nate Waddington
 

Hello everyone!

The new LFX Mentorship term (03-Sept-Nov) is now open for project ideas: https://github.com/cncf/mentoring/tree/main/lfx-mentorship/2022/03-Sept-Nov

Since I'm a bit late with this announcement, we'll extend the project proposals deadline till August 12, 5:00 PM PDT -- sorry about that, and thanks to everyone who've already made proposals!

Project submission and application timeline:
• project proposals: August 1 - August 12, 5:00 PM PDT
• mentee applications open: August 15 - August 24, 5:00 PM PDT
• application review/admission decisions/HR paperwork: August 25 - September 1, 5:00 PM PDT

We're looking forward to seeing all the project ideas you're interested in working on over the summer!

Cheers,
Nate Waddington


Co-chair
CNCF TAG Contributor Strategy Mentoring Working Group

Developer Advocate, CNCF
The Linux Foundation

nwaddington@...


Argo graduation progress

Blixt, Henrik
 

Members of the TOC

 

A little over a year ago, Argo applied to move to graduated status [0] and we have since diligently worked our way through the process, addressing comments and concerns that have been brought up. 

As per our sponsor’s (dims) request, I’m writing to let you know that the due diligence document [1] has been updated with responses to the questions raised and overall project progress thus far.  

 

Quick summary and highlights follow below. Further details and links are available in the DD document itself. 

 

Looking forward to continuing the process with our sponsors and the TOC.  

 

Community 

Though we already had a large and vibrant community a year ago, the growth since then has been outstanding and we have seen an influx of maintainers, contributors, users and vendors. 

• 350+ self-reported enterprise users. (Though we know that the actual number is significantly higher) 

• Multiple vendors with commercial platforms based on one or more Argo projects

• 40 maintainers from 11 companies + two independent

 

Growth

• One of the highest velocity (behind OpenTelemetry and K8s) and most adopted project with over 50% in prod or eval based on the last CNCF annual study

• ~25000 GitHub stars, up ~ 75% in just over a year. 

 

Security

This was one of the areas pointed out as needing more attention, and over the last year, we have targeted resolving tactical concerns and issues, as well as setting up and strengthening strategic processes and programs that will ensure a long-term focus on security.

• Completed two external security audits, one with Trail of Bits and one with Ada Logic, with recommendations and fixes implemented by the project. 

• Implemented 50+ fuzzers that now run as part of our upstream processes

• Enrolled and participate in the Internet Bug Bounty program to encourage external reviews and vetting

• Established an Argo Security SIG with regular meetings to discuss and address security strategy and current issues. 

• Solidified internal processes around triaging of incoming vulnerabilities and updated external guides on how to report issues

• More maintainers and contributors focused on security, leading to several self-discovered CVEs and other fixes

• Completed self-assessments with CNCF Security TAG. Joint review is on-going. 

 

Project Governance

• Refined voting and governance procedures, better aligned with other graduated CNCF projects to ensure project diversity and longevity.

• Established guidelines for creation and membership in Argo project SIGs such as SIG Security and SIG Marketing.

 

Argo project

 

[0] https://github.com/cncf/toc/pull/604

[1] https://docs.google.com/document/d/1R4WjMG9s9JX8onZvOzEFSjBBFAInurN8tSiAFLqj-FE/edit#heading=h.kd4eg2uz3lt0

 


[cncf-tag-security] STAG 3rd August — moving to 1300 GMT for this week

Brandon Lum
 

TAG Security is kicking off the first EMEA meeting! Come join us today!

---------- Forwarded message ---------
From: Andrew Martin <andy@...>
Date: Thu, Jul 28, 2022 at 9:34 AM
Subject: [cncf-tag-security] STAG 3rd August — moving to 1300 GMT for this week
To: <cncf-tag-security@...>


Hello lovely people of TAG Security,


We are looking to expand the availability of TAG Security participants, to be more EMEA-friendly by moving some meetings to a time better suited to community members outside the Americas.


The first instance of this will be Wednesday 3rd August at 13:00 BST. This will replace the usual meeting on that day. The week after we'll return to usual hours. 


This time equates to:


PDT 0500

EDT 0800 

IST 1730

Shanghai 2000

Sydney 2200


Further timezones on WorldTimezoneBuddy.


The meeting link will be the same, and we’ll use the same Slack channel to continue collaborating with friends and colleagues worldwide. New members are welcome to join any of the meetings as ever. 


We will start the meetings with some working group sessions to gain initial momentum, including looking at lightweight threat modelling process in the first meeting. 


Meetings will be recorded and uploaded to YouTube as ever. 


I look forward to seeing you there!



R. Racoon


Re: [VOTE] Cloud Custodian for incubation

Lei Zhang
 

+1 binding

On Tue, Jul 12, 2022 at 3:19 PM Amye Scavarda Perrin <ascavarda@...> wrote:
Cloud Custodian has applied to move to the incubation level.

PR: https://github.com/cncf/toc/pull/644
DD: https://docs.google.com/document/d/1k_YAFUwF87E7YT-yUUTKU1OsXUk2MlCxJBYdJTr4LCw/edit?usp=sharing

Ricardo Rocha is the TOC sponsor for this project, has called for public comment and has approved a call for a public vote. (https://lists.cncf.io/g/cncf-toc/message/7180)

Please vote (+1/0/-1) by replying to this thread.

Remember that the TOC has binding votes only, but we do appreciate non-binding votes from the community as a sign of support!
--
Amye Scavarda Perrin | Director of Developer Programs, CNCF | amye@...


Re: [VOTE] TAG Contributor Strategy Mentoring WG

Lei Zhang
 

+1 binding

On Tue, Jul 12, 2022 at 3:19 PM Amye Scavarda Perrin <ascavarda@...> wrote:
This is the official vote to approve the Mentoring Working Group for TAG Contributor Strategy. 

PR: https://github.com/cncf/tag-contributor-strategy/pull/188

Please vote (+1/0/-1) by replying to this thread.

Remember that the TOC has binding votes only, but we do appreciate non-binding votes from the community as a sign of support!

--
Amye Scavarda Perrin | Director of Developer Programs, CNCF | amye@...


[RESULT] TAG Contributor Strategy Mentoring WG approved

Amye Scavarda Perrin
 


Re: [VOTE] TAG Contributor Strategy Mentoring WG

Justin Cormack
 

+1 (binding)

On Tue, Jul 12, 2022 at 11:19 PM Amye Scavarda Perrin <ascavarda@...> wrote:
This is the official vote to approve the Mentoring Working Group for TAG Contributor Strategy. 

PR: https://github.com/cncf/tag-contributor-strategy/pull/188

Please vote (+1/0/-1) by replying to this thread.

Remember that the TOC has binding votes only, but we do appreciate non-binding votes from the community as a sign of support!

--
Amye Scavarda Perrin | Director of Developer Programs, CNCF | amye@...


Re: [VOTE] TAG Contributor Strategy Mentoring WG

Alolita Sharma
 

+1 NB

Best,
Alolita Sharma


Agenda for TOC meeting, 8/2

Amye Scavarda Perrin
 

Hi all, 
We'll be meeting tomorrow at 8am Pacific. 

Agenda: https://docs.google.com/document/d/1jpoKT12jf2jTf-2EJSAl4iTdA7Aoj_uiI19qIaECNFc/edit#

Currently outstanding TOC items
TAG Updates: (new order!)
TAG-Storage
TAG Security
TAG-Runtime
TAG-Observability
TAG-Network
TAG-Contributor Strategy
TAG-App Delivery
Projects applying to move levels

Presentation: https://docs.google.com/presentation/d/16Nx94xJi7RzlbybR9G2QZ-7bAQPcxq_NlTENutIDTdA/edit#slide=id.g25ca91f87f_0_0 

--
Amye Scavarda Perrin | Director of Developer Programs, CNCF | amye@...


Re: SPIFFE and SPIRE for Graduation: Public Comment Period thru AUG 9 2022

Rey Lejano
 

+1 NB

Rey Lejano


On Tue, Jul 26, 2022 at 9:28 AM Emily Fox <themoxiefoxatwork@...> wrote:
Community,
  
Both the SPIFFE and SPIRE projects have applied to move from incubation to graduation. As the TOC sponsors, Justin Cormack and I would like to thank everyone for their work and patience in bringing both projects to this exciting point.

Everyone is welcome to comment in the document, on the PR, or in reply to this thread, before we move to a TOC vote. This period of public comment will last a minimum of two weeks closing on AUG 9 2022.

Thank you.

~Emily Fox