Re: SPIFFE and SPIRE for Graduation: Public Comment Period thru AUG 9 2022
+1 NB. Very excited to see this progress!
|
|
Re: SPIFFE and SPIRE for Graduation: Public Comment Period thru AUG 9 2022
Lin Sun
+1 NB, excited to see this - we have been using both widely in Istio.
toggle quoted message
Show quoted text
Best, Lin
|
|
Re: Updates to Principles.md in cncf/toc repo
Liz Rice
LGTM! On Fri, 5 Aug 2022 at 16:10, alexis richardson <alexis@...> wrote: very cool, thank you for doing this! +1 |
|
Re: SPIFFE and SPIRE for Graduation: Public Comment Period thru AUG 9 2022
Nicolas Vermandé
+1 NB, great to see this evolution!
toggle quoted message
Show quoted text
On Fri, Aug 5, 2022 at 4:22 PM Joe Beda <joe@...> wrote:
--
Cheers, Nic |
|
Re: SPIFFE and SPIRE for Graduation: Public Comment Period thru AUG 9 2022
Joe Beda
Sorry for being late to the party here. +1 NB Clearly I’m biased here because I helped get SPIFFE going. But I think this is a critical part of our emerging cloud native toolkit and I’m excited but he progress that the project has made thus far and where it is going. I’m particularly happy with the split between SPIFFE and SPIRE. In the recent PR to update the TOC principles (https://github.com/cncf/toc/pull/886/) I think that this really embodies the principle of “Promote interfaces and defacto implementations over standards for real world use.” The ability for interoperability through SPIFFE and federation through SPIRE is a powerful combination that will only get more powerful over time. Joe On Tue, Jul 26, 2022 at 9:28 AM Emily Fox <themoxiefoxatwork@...> wrote: Community, |
|
Re: Updates to Principles.md in cncf/toc repo
alexis richardson
very cool, thank you for doing this! +1
toggle quoted message
Show quoted text
On Fri, Aug 5, 2022 at 4:06 PM Davanum Srinivas <davanum@...> wrote:
|
|
Updates to Principles.md in cncf/toc repo
Folks, Please review the new language here[1] which is part of the PR here [2]. We'll merge the PR next friday Aug 12th. thanks, Dims |
|
Re: [VOTE] Cloud Custodian for incubation
Erin Boyd
+1 binding
|
|
Re: [VOTE] Cloud Custodian for incubation
Thanks Jorge, Sorry for the slow response. This probably isn't the right thread to go deeper into this conversation, but this looks like great progress towards a more open governance model. It looks like the right things are happening here. On Tue, Jul 26, 2022 at 12:09 PM Jorge Castro <jorge@...> wrote:
--
~Dave |
|
Re: Argo graduation progress
Thanks Henrik! For the record, Lei Zhang and Cathy Zhang from the TOC are the Sponsors for Argo now and will continue the DD process etc. -- Dims
--
Davanum Srinivas :: https://twitter.com/dims |
|
LFX Mentorship '22 term 03-Sept-Nov
Nate Waddington
Hello everyone!
The new LFX Mentorship term (03-Sept-Nov) is now open for project ideas: https://github.com/cncf/mentoring/tree/main/lfx-mentorship/2022/03-Sept-Nov Since I'm a bit late with this announcement, we'll extend the project proposals deadline till August 12, 5:00 PM PDT -- sorry about that, and thanks to everyone who've already made proposals! Project submission and application timeline: • project proposals: August 1 - August 12, 5:00 PM PDT • mentee applications open: August 15 - August 24, 5:00 PM PDT • application review/admission decisions/HR paperwork: August 25 - September 1, 5:00 PM PDT We're looking forward to seeing all the project ideas you're interested in working on over the summer! Cheers, Nate Waddington — Co-chair CNCF TAG Contributor Strategy Mentoring Working Group Developer Advocate, CNCF The Linux Foundation nwaddington@... |
|
Argo graduation progress
Blixt, Henrik
Members of the TOC
A little over a year ago, Argo applied to move to graduated status [0] and we have since diligently worked our way through the process, addressing comments and concerns that have been brought up. As per our sponsor’s (dims) request, I’m writing to let you know that the due diligence document [1] has been updated with responses to the questions raised and overall project progress thus far.
Quick summary and highlights follow below. Further details and links are available in the DD document itself.
Looking forward to continuing the process with our sponsors and the TOC.
Community Though we already had a large and vibrant community a year ago, the growth since then has been outstanding and we have seen an influx of maintainers, contributors, users and vendors. • 350+ self-reported enterprise users. (Though we know that the actual number is significantly higher) • Multiple vendors with commercial platforms based on one or more Argo projects • 40 maintainers from 11 companies + two independent
Growth • One of the highest velocity (behind OpenTelemetry and K8s) and most adopted project with over 50% in prod or eval based on the last CNCF annual study • ~25000 GitHub stars, up ~ 75% in just over a year.
Security This was one of the areas pointed out as needing more attention, and over the last year, we have targeted resolving tactical concerns and issues, as well as setting up and strengthening strategic processes and programs that will ensure a long-term focus on security. • Completed two external security audits, one with Trail of Bits and one with Ada Logic, with recommendations and fixes implemented by the project. • Implemented 50+ fuzzers that now run as part of our upstream processes • Enrolled and participate in the Internet Bug Bounty program to encourage external reviews and vetting • Established an Argo Security SIG with regular meetings to discuss and address security strategy and current issues. • Solidified internal processes around triaging of incoming vulnerabilities and updated external guides on how to report issues • More maintainers and contributors focused on security, leading to several self-discovered CVEs and other fixes • Completed self-assessments with CNCF Security TAG. Joint review is on-going.
Project Governance • Refined voting and governance procedures, better aligned with other graduated CNCF projects to ensure project diversity and longevity. • Established guidelines for creation and membership in Argo project SIGs such as SIG Security and SIG Marketing.
Argo project
[0] https://github.com/cncf/toc/pull/604
|
|
[cncf-tag-security] STAG 3rd August — moving to 1300 GMT for this week
Brandon Lum
TAG Security is kicking off the first EMEA meeting! Come join us today! ---------- Forwarded message --------- From: Andrew Martin <andy@...> Date: Thu, Jul 28, 2022 at 9:34 AM Subject: [cncf-tag-security] STAG 3rd August — moving to 1300 GMT for this week To: <cncf-tag-security@...> Hello lovely people of TAG Security, We are looking to expand the availability of TAG Security participants, to be more EMEA-friendly by moving some meetings to a time better suited to community members outside the Americas. The first instance of this will be Wednesday 3rd August at 13:00 BST. This will replace the usual meeting on that day. The week after we'll return to usual hours. This time equates to: PDT 0500 EDT 0800 IST 1730 Shanghai 2000 Sydney 2200 Further timezones on WorldTimezoneBuddy. The meeting link will be the same, and we’ll use the same Slack channel to continue collaborating with friends and colleagues worldwide. New members are welcome to join any of the meetings as ever. We will start the meetings with some working group sessions to gain initial momentum, including looking at lightweight threat modelling process in the first meeting. Meetings will be recorded and uploaded to YouTube as ever. I look forward to seeing you there! R. Racoon |
|
Re: [VOTE] Cloud Custodian for incubation
Lei Zhang
+1 binding On Tue, Jul 12, 2022 at 3:19 PM Amye Scavarda Perrin <ascavarda@...> wrote:
|
|
Re: [VOTE] TAG Contributor Strategy Mentoring WG
Lei Zhang
+1 binding On Tue, Jul 12, 2022 at 3:19 PM Amye Scavarda Perrin <ascavarda@...> wrote:
|
|
[RESULT] TAG Contributor Strategy Mentoring WG approved
Amye Scavarda Perrin
TAG Contributor Strategy Mentoring WG has been approved. 8/11 Emily Fox: https://lists.cncf.io/g/cncf-toc/message/7232 Richard Hartmann: https://lists.cncf.io/g/cncf-toc/message/7235 Davanum Srinivas: https://lists.cncf.io/g/cncf-toc/message/7239 Cathy Zhang: https://lists.cncf.io/g/cncf-toc/message/7246 Dave Zolotusky: https://lists.cncf.io/g/cncf-toc/message/7266 Katie Gamanji: https://lists.cncf.io/g/cncf-toc/message/7267 Matt Farina: https://lists.cncf.io/g/cncf-toc/message/7297 Justin Cormack: https://lists.cncf.io/g/cncf-toc/message/7315 Deepthi Sigireddi: https://lists.cncf.io/g/cncf-toc/message/7234 Dawn Foster: https://lists.cncf.io/g/cncf-toc/message/7238 Carolyn Van Slyck: https://lists.cncf.io/g/cncf-toc/message/7241 Bill Mulligan: https://lists.cncf.io/g/cncf-toc/message/7242 Diyva Mohan: https://lists.cncf.io/g/cncf-toc/message/7243 Huabing Zhao: https://lists.cncf.io/g/cncf-toc/message/7270 Chris Short: https://lists.cncf.io/g/cncf-toc/message/7298 Alolita Sharma: https://lists.cncf.io/g/cncf-toc/message/7314 Amye Scavarda Perrin | Director of Developer Programs, CNCF | amye@... |
|
Re: [VOTE] TAG Contributor Strategy Mentoring WG
Justin Cormack
+1 (binding) On Tue, Jul 12, 2022 at 11:19 PM Amye Scavarda Perrin <ascavarda@...> wrote:
|
|
Re: [VOTE] TAG Contributor Strategy Mentoring WG
+1 NB
Best, Alolita Sharma |
|
Agenda for TOC meeting, 8/2
Amye Scavarda Perrin
Hi all, We'll be meeting tomorrow at 8am Pacific. Currently outstanding TOC items TAG Updates: (new order!) TAG-Storage TAG Security TAG-Runtime TAG-Observability TAG-Network TAG-Contributor Strategy TAG-App Delivery Projects applying to move levels Presentation: https://docs.google.com/presentation/d/16Nx94xJi7RzlbybR9G2QZ-7bAQPcxq_NlTENutIDTdA/edit#slide=id.g25ca91f87f_0_0 Amye Scavarda Perrin | Director of Developer Programs, CNCF | amye@... |
|
Re: SPIFFE and SPIRE for Graduation: Public Comment Period thru AUG 9 2022
Rey Lejano
+1 NB Rey Lejano On Tue, Jul 26, 2022 at 9:28 AM Emily Fox <themoxiefoxatwork@...> wrote: Community, |
|