Date   

Re: Public comment period for Ambassador

Chris Aniszczyk
 

The problem is the company rebranded to Ambassador also here: https://www.getambassador.io, so the project needs to be renamed to deal with the obvious trademark conflict here. The CNCF is open to whatever the project decides and that clears a trademark search.


On Thu, Jan 7, 2021 at 11:50 AM Matt Klein <mattklein123@...> wrote:
Also, to be clear, I think Ambassador is a big part of the OSS brand and I had erroneously thought that we were sticking with that name. If we are going to change the name to something entirely new it might be good to do that and then circle back in a few months to see how it's going.

On Thu, Jan 7, 2021 at 9:47 AM Matt Klein via lists.cncf.io <mattklein123=gmail.com@...> wrote:
I'm sorry for not tracking this more closely, but I agree with Joe on this. I'm not OK with an acronym for something that IMO is too generic. I think you either have to stick with Ambassador or choose an entirely new name.

On Thu, Jan 7, 2021 at 9:37 AM Joe Beda <joe@...> wrote:
IC4E only begs the question about what it stands for.  It also doesn't set the project up, IMO, for success as the more memorable name will be with the commercial entity and it could stunt the development of the open source project outside of the commercial attachments.  If this were at the Sandbox level I probably wouldn't be bringing this up, but the name change along with introduction into Incubation is something new that the CNCF hasn't seen before.  I worry people will still colloquially refer to the OSS project as "Ambassador" (and documentation and install scripts still use the name).

On Thu, Jan 7, 2021 at 9:32 AM Daniel Bryant <daniel.bryant@...> wrote:

Hi Joe, Matt, many thanks for your comments.

@Matt, I remember you raising this in the DD document comments, and @Chris Aniszczyk suggested this would be acceptable under the trademark policy (e.g. "X for Envoy"). He suggested that we use a short name like "IC4E" in the docs and new website that would be created for the project.

We originally looked to ingress-nginx as inspiration, since the community seems to have accepted this as a name even though it’s well-understood it’s not “official”. We also wanted to with a descriptive name instead of an abstract name, because we thought it would be easier for people to understand.

Best wishes,

Daniel


On 06/01/2021 19:54, Matt Klein wrote:
> I object to the name "Ingress Controller for Envoy Proxy” as that also describes Contour.  This will create confusion and will be easily misread as "THE Ingress Controller for Envoy Proxy" and will violate the "no kingmakers" value of the TOC.

I agree and I raised a similar concern at some point but I don't remember the outcome here. @Daniel Bryant?

On Wed, Jan 6, 2021 at 10:48 AM Joe Beda <joe@...> wrote:
What is the new name?  The name "ambassador" is all over the docs and I'd expect to see this reframed around the new name.

I object to the name "Ingress Controller for Envoy Proxy” as that also describes Contour.  This will create confusion and will be easily misread as "THE Ingress Controller for Envoy Proxy" and will violate the "no kingmakers" value of the TOC.

Joe

On Wed, Jan 6, 2021 at 9:12 AM Matt Klein <mattklein123@...> wrote:
All,

Ambassador is applying for incubation status:
DD has been reviewed by myself and SIG Network and we are supportive. We are now calling for the 2 week public comment period prior to the vote.

Thanks,
Matt
-- 
Daniel Bryant | @danielbryantuk 
--
I like to work flexible hours (and across time zones), but please don't feel obligated to reply to this message outside of your own working hours.



--
Chris Aniszczyk (@cra)


Re: Public comment period for Ambassador

Matt Klein
 

Also, to be clear, I think Ambassador is a big part of the OSS brand and I had erroneously thought that we were sticking with that name. If we are going to change the name to something entirely new it might be good to do that and then circle back in a few months to see how it's going.


On Thu, Jan 7, 2021 at 9:47 AM Matt Klein via lists.cncf.io <mattklein123=gmail.com@...> wrote:
I'm sorry for not tracking this more closely, but I agree with Joe on this. I'm not OK with an acronym for something that IMO is too generic. I think you either have to stick with Ambassador or choose an entirely new name.

On Thu, Jan 7, 2021 at 9:37 AM Joe Beda <joe@...> wrote:
IC4E only begs the question about what it stands for.  It also doesn't set the project up, IMO, for success as the more memorable name will be with the commercial entity and it could stunt the development of the open source project outside of the commercial attachments.  If this were at the Sandbox level I probably wouldn't be bringing this up, but the name change along with introduction into Incubation is something new that the CNCF hasn't seen before.  I worry people will still colloquially refer to the OSS project as "Ambassador" (and documentation and install scripts still use the name).

On Thu, Jan 7, 2021 at 9:32 AM Daniel Bryant <daniel.bryant@...> wrote:

Hi Joe, Matt, many thanks for your comments.

@Matt, I remember you raising this in the DD document comments, and @Chris Aniszczyk suggested this would be acceptable under the trademark policy (e.g. "X for Envoy"). He suggested that we use a short name like "IC4E" in the docs and new website that would be created for the project.

We originally looked to ingress-nginx as inspiration, since the community seems to have accepted this as a name even though it’s well-understood it’s not “official”. We also wanted to with a descriptive name instead of an abstract name, because we thought it would be easier for people to understand.

Best wishes,

Daniel


On 06/01/2021 19:54, Matt Klein wrote:
> I object to the name "Ingress Controller for Envoy Proxy” as that also describes Contour.  This will create confusion and will be easily misread as "THE Ingress Controller for Envoy Proxy" and will violate the "no kingmakers" value of the TOC.

I agree and I raised a similar concern at some point but I don't remember the outcome here. @Daniel Bryant?

On Wed, Jan 6, 2021 at 10:48 AM Joe Beda <joe@...> wrote:
What is the new name?  The name "ambassador" is all over the docs and I'd expect to see this reframed around the new name.

I object to the name "Ingress Controller for Envoy Proxy” as that also describes Contour.  This will create confusion and will be easily misread as "THE Ingress Controller for Envoy Proxy" and will violate the "no kingmakers" value of the TOC.

Joe

On Wed, Jan 6, 2021 at 9:12 AM Matt Klein <mattklein123@...> wrote:
All,

Ambassador is applying for incubation status:
DD has been reviewed by myself and SIG Network and we are supportive. We are now calling for the 2 week public comment period prior to the vote.

Thanks,
Matt
-- 
Daniel Bryant | @danielbryantuk 
--
I like to work flexible hours (and across time zones), but please don't feel obligated to reply to this message outside of your own working hours.


Re: Public comment period for Ambassador

Matt Klein
 

I'm sorry for not tracking this more closely, but I agree with Joe on this. I'm not OK with an acronym for something that IMO is too generic. I think you either have to stick with Ambassador or choose an entirely new name.


On Thu, Jan 7, 2021 at 9:37 AM Joe Beda <joe@...> wrote:
IC4E only begs the question about what it stands for.  It also doesn't set the project up, IMO, for success as the more memorable name will be with the commercial entity and it could stunt the development of the open source project outside of the commercial attachments.  If this were at the Sandbox level I probably wouldn't be bringing this up, but the name change along with introduction into Incubation is something new that the CNCF hasn't seen before.  I worry people will still colloquially refer to the OSS project as "Ambassador" (and documentation and install scripts still use the name).

On Thu, Jan 7, 2021 at 9:32 AM Daniel Bryant <daniel.bryant@...> wrote:

Hi Joe, Matt, many thanks for your comments.

@Matt, I remember you raising this in the DD document comments, and @Chris Aniszczyk suggested this would be acceptable under the trademark policy (e.g. "X for Envoy"). He suggested that we use a short name like "IC4E" in the docs and new website that would be created for the project.

We originally looked to ingress-nginx as inspiration, since the community seems to have accepted this as a name even though it’s well-understood it’s not “official”. We also wanted to with a descriptive name instead of an abstract name, because we thought it would be easier for people to understand.

Best wishes,

Daniel


On 06/01/2021 19:54, Matt Klein wrote:
> I object to the name "Ingress Controller for Envoy Proxy” as that also describes Contour.  This will create confusion and will be easily misread as "THE Ingress Controller for Envoy Proxy" and will violate the "no kingmakers" value of the TOC.

I agree and I raised a similar concern at some point but I don't remember the outcome here. @Daniel Bryant?

On Wed, Jan 6, 2021 at 10:48 AM Joe Beda <joe@...> wrote:
What is the new name?  The name "ambassador" is all over the docs and I'd expect to see this reframed around the new name.

I object to the name "Ingress Controller for Envoy Proxy” as that also describes Contour.  This will create confusion and will be easily misread as "THE Ingress Controller for Envoy Proxy" and will violate the "no kingmakers" value of the TOC.

Joe

On Wed, Jan 6, 2021 at 9:12 AM Matt Klein <mattklein123@...> wrote:
All,

Ambassador is applying for incubation status:
DD has been reviewed by myself and SIG Network and we are supportive. We are now calling for the 2 week public comment period prior to the vote.

Thanks,
Matt
-- 
Daniel Bryant | @danielbryantuk 
--
I like to work flexible hours (and across time zones), but please don't feel obligated to reply to this message outside of your own working hours.


Re: Public comment period for Ambassador

Joe Beda
 

IC4E only begs the question about what it stands for.  It also doesn't set the project up, IMO, for success as the more memorable name will be with the commercial entity and it could stunt the development of the open source project outside of the commercial attachments.  If this were at the Sandbox level I probably wouldn't be bringing this up, but the name change along with introduction into Incubation is something new that the CNCF hasn't seen before.  I worry people will still colloquially refer to the OSS project as "Ambassador" (and documentation and install scripts still use the name).


On Thu, Jan 7, 2021 at 9:32 AM Daniel Bryant <daniel.bryant@...> wrote:

Hi Joe, Matt, many thanks for your comments.

@Matt, I remember you raising this in the DD document comments, and @Chris Aniszczyk suggested this would be acceptable under the trademark policy (e.g. "X for Envoy"). He suggested that we use a short name like "IC4E" in the docs and new website that would be created for the project.

We originally looked to ingress-nginx as inspiration, since the community seems to have accepted this as a name even though it’s well-understood it’s not “official”. We also wanted to with a descriptive name instead of an abstract name, because we thought it would be easier for people to understand.

Best wishes,

Daniel


On 06/01/2021 19:54, Matt Klein wrote:
> I object to the name "Ingress Controller for Envoy Proxy” as that also describes Contour.  This will create confusion and will be easily misread as "THE Ingress Controller for Envoy Proxy" and will violate the "no kingmakers" value of the TOC.

I agree and I raised a similar concern at some point but I don't remember the outcome here. @Daniel Bryant?

On Wed, Jan 6, 2021 at 10:48 AM Joe Beda <joe@...> wrote:
What is the new name?  The name "ambassador" is all over the docs and I'd expect to see this reframed around the new name.

I object to the name "Ingress Controller for Envoy Proxy” as that also describes Contour.  This will create confusion and will be easily misread as "THE Ingress Controller for Envoy Proxy" and will violate the "no kingmakers" value of the TOC.

Joe

On Wed, Jan 6, 2021 at 9:12 AM Matt Klein <mattklein123@...> wrote:
All,

Ambassador is applying for incubation status:
DD has been reviewed by myself and SIG Network and we are supportive. We are now calling for the 2 week public comment period prior to the vote.

Thanks,
Matt
-- 
Daniel Bryant | @danielbryantuk 
--
I like to work flexible hours (and across time zones), but please don't feel obligated to reply to this message outside of your own working hours.


Re: Public comment period for Ambassador

Daniel Bryant <daniel.bryant@...>
 

Hi Joe, Matt, many thanks for your comments.

@Matt, I remember you raising this in the DD document comments, and @Chris Aniszczyk suggested this would be acceptable under the trademark policy (e.g. "X for Envoy"). He suggested that we use a short name like "IC4E" in the docs and new website that would be created for the project.

We originally looked to ingress-nginx as inspiration, since the community seems to have accepted this as a name even though it’s well-understood it’s not “official”. We also wanted to with a descriptive name instead of an abstract name, because we thought it would be easier for people to understand.

Best wishes,

Daniel


On 06/01/2021 19:54, Matt Klein wrote:
> I object to the name "Ingress Controller for Envoy Proxy” as that also describes Contour.  This will create confusion and will be easily misread as "THE Ingress Controller for Envoy Proxy" and will violate the "no kingmakers" value of the TOC.

I agree and I raised a similar concern at some point but I don't remember the outcome here. @Daniel Bryant?

On Wed, Jan 6, 2021 at 10:48 AM Joe Beda <joe@...> wrote:
What is the new name?  The name "ambassador" is all over the docs and I'd expect to see this reframed around the new name.

I object to the name "Ingress Controller for Envoy Proxy” as that also describes Contour.  This will create confusion and will be easily misread as "THE Ingress Controller for Envoy Proxy" and will violate the "no kingmakers" value of the TOC.

Joe

On Wed, Jan 6, 2021 at 9:12 AM Matt Klein <mattklein123@...> wrote:
All,

Ambassador is applying for incubation status:
DD has been reviewed by myself and SIG Network and we are supportive. We are now calling for the 2 week public comment period prior to the vote.

Thanks,
Matt
-- 
Daniel Bryant | @danielbryantuk 
--
I like to work flexible hours (and across time zones), but please don't feel obligated to reply to this message outside of your own working hours.


Re: FYI: Fuzzing for CNCF Projects

Katie Gamanji
 

That's a very insightful report! Would be great to see more CNCF projects using fuzzing integration to simplify vulnerability scanning and bug fixing.


On Mon, Jan 4, 2021 at 10:04 PM Lorenzo Fontana <fontanalorenz@...> wrote:
Thanks for sharing, this is a very useful initiative Chris.

I’ve been thinking about doing a proposal for the Falco project to adopt syzcaller[0] to perform continuous fuzzing of the inputs/language parser.

I’ll bring up this topic at the next Falco community call to see what other maintainers think.  

Thanks again for sharing!

Lore

[0]:  https://syzkaller.appspot.com/

On Mon, 4 Jan 2021 at 22:31 Chris Aniszczyk <caniszczyk@...> wrote:
Hey TOC and the wider community, some of our projects have taken advantage of fuzzing (through oss-fuzz and other tools), also we recently funded some fuzzing/audit work for fluentbit to see the impact and usefulness: https://github.com/fluent/fluent-bit/pull/2853

I've attached a report as an output which contains all the issues found/resolved. If your project is interested in this type of work, let us know via a servicedesk request (https://github.com/cncf/servicedesk), we found it fairly useful on top of normal security audits.

--
Chris Aniszczyk (@cra)


Re: SIG-Security Tech Lead nominations

Dan Shaw
 

+1 NB

Thank you Ashutosh Narkar, Aradhana Chetal and Andres Vega for all the hard work advancing SIG-Security.

Dan Shaw
Cor.dev - Solving Solved Problems 💗


On Thu, Dec 17, 2020 at 5:43 PM Jeyappragash Jeyakeerthi <jj@...> wrote:

Dear Technical Oversight Committee,


On December 16th 2020, the SIG-Security co-chairs along with then TOC liason’s Liz Rice and Justin Cormack, agreed to nominate three Tech Leads for SIG-Security: Ashutosh Narkar, Aradhana Chetal and Andres Vega.


“Tech leads are assigned following a 2/3 majority vote of the TOC and a 2/3 majority vote of SIG Chairs” — cncf-sig elections


Thank you!

Jeyappragash.J.J

(On behalf of SIG-Security Chairs)


TL Candidates - Dec 2020


Ashutosh Narkar 


Aradhana Chetal 


Andres Vega

  • SIG-Security highlights

  • Professional affiliations: 

    • VMWare

  • Github: @anvega

  • CNCF Projects:

    • SPIFFE/SPIRE

  • SIG-Security 

    • Security Assess. Review lead: Harbor

    • Security Assess. Review lead: Cloud Buildpaks

    • Security Assess. participant: SPIFFE/SPIRE

    • Security Day program committee 2020 NA

    • Facilitator for SIG meetings, and in general good with making calls more lively (1)

    • Participating in organization of CN Sec. Day 2021 EU

    • Commits (5)

    • Issues (13)




Re: SIG-Security Tech Lead nominations

Katie Gamanji
 

+1 NB

Katie Gamanji

On Wed, 6 Jan 2021, 16:49 Alena Prokharchyk via lists.cncf.io, <aprokharchyk=apple.com@...> wrote:
+1 binding

-alena.

On Jan 6, 2021, at 1:34 AM, Liz Rice <liz@...> wrote:

Bumping this vote, as it would be great to get the new SIG Security leads in place if others on the TOC are comfortable with these nominees 

---------- Forwarded message ---------
From: Justin Cormack via lists.cncf.io <justin.cormack=docker.com@...>
Date: Fri, Dec 18, 2020 at 5:01 PM
Subject: Re: [cncf-toc] SIG-Security Tech Lead nominations
To: Jeyappragash Jeyakeerthi <jj@...>
Cc: CNCF TOC <cncf-toc@...>


+1 binding

Justin


On Fri, Dec 18, 2020 at 1:43 AM Jeyappragash Jeyakeerthi <jj@...> wrote:
Dear Technical Oversight Committee,

On December 16th 2020, the SIG-Security co-chairs along with then TOC liason’s Liz Rice and Justin Cormack, agreed to nominate three Tech Leads for SIG-Security: Ashutosh Narkar, Aradhana Chetal and Andres Vega.

“Tech leads are assigned following a 2/3 majority vote of the TOC and a 2/3 majority vote of SIG Chairs” — cncf-sig elections

Thank you!
Jeyappragash.J.J
(On behalf of SIG-Security Chairs)

TL Candidates - Dec 2020


Ashutosh Narkar 

Aradhana Chetal 

Andres Vega
  • SIG-Security highlights
  • Professional affiliations: 
    • VMWare
  • Github: @anvega
  • CNCF Projects:
    • SPIFFE/SPIRE
  • SIG-Security 
    • Security Assess. Review lead: Harbor
    • Security Assess. Review lead: Cloud Buildpaks
    • Security Assess. participant: SPIFFE/SPIRE
    • Security Day program committee 2020 NA
    • Facilitator for SIG meetings, and in general good with making calls more lively (1)
    • Participating in organization of CN Sec. Day 2021 EU
    • Issues (13)








Re: Public comment period for Ambassador

Matt Klein
 

> I object to the name "Ingress Controller for Envoy Proxy” as that also describes Contour.  This will create confusion and will be easily misread as "THE Ingress Controller for Envoy Proxy" and will violate the "no kingmakers" value of the TOC.

I agree and I raised a similar concern at some point but I don't remember the outcome here. @Daniel Bryant?

On Wed, Jan 6, 2021 at 10:48 AM Joe Beda <joe@...> wrote:
What is the new name?  The name "ambassador" is all over the docs and I'd expect to see this reframed around the new name.

I object to the name "Ingress Controller for Envoy Proxy” as that also describes Contour.  This will create confusion and will be easily misread as "THE Ingress Controller for Envoy Proxy" and will violate the "no kingmakers" value of the TOC.

Joe

On Wed, Jan 6, 2021 at 9:12 AM Matt Klein <mattklein123@...> wrote:
All,

Ambassador is applying for incubation status:
DD has been reviewed by myself and SIG Network and we are supportive. We are now calling for the 2 week public comment period prior to the vote.

Thanks,
Matt


Re: Public comment period for Ambassador

Joe Beda
 

What is the new name?  The name "ambassador" is all over the docs and I'd expect to see this reframed around the new name.

I object to the name "Ingress Controller for Envoy Proxy” as that also describes Contour.  This will create confusion and will be easily misread as "THE Ingress Controller for Envoy Proxy" and will violate the "no kingmakers" value of the TOC.

Joe

On Wed, Jan 6, 2021 at 9:12 AM Matt Klein <mattklein123@...> wrote:
All,

Ambassador is applying for incubation status:
DD has been reviewed by myself and SIG Network and we are supportive. We are now calling for the 2 week public comment period prior to the vote.

Thanks,
Matt


Public comment period for Ambassador

Matt Klein
 

All,

Ambassador is applying for incubation status:
DD has been reviewed by myself and SIG Network and we are supportive. We are now calling for the 2 week public comment period prior to the vote.

Thanks,
Matt


Re: SIG-Security Tech Lead nominations

Alena Prokharchyk
 

+1 binding

-alena.

On Jan 6, 2021, at 1:34 AM, Liz Rice <liz@...> wrote:

Bumping this vote, as it would be great to get the new SIG Security leads in place if others on the TOC are comfortable with these nominees 

---------- Forwarded message ---------
From: Justin Cormack via lists.cncf.io <justin.cormack=docker.com@...>
Date: Fri, Dec 18, 2020 at 5:01 PM
Subject: Re: [cncf-toc] SIG-Security Tech Lead nominations
To: Jeyappragash Jeyakeerthi <jj@...>
Cc: CNCF TOC <cncf-toc@...>


+1 binding

Justin


On Fri, Dec 18, 2020 at 1:43 AM Jeyappragash Jeyakeerthi <jj@...> wrote:
Dear Technical Oversight Committee,

On December 16th 2020, the SIG-Security co-chairs along with then TOC liason’s Liz Rice and Justin Cormack, agreed to nominate three Tech Leads for SIG-Security: Ashutosh Narkar, Aradhana Chetal and Andres Vega.

“Tech leads are assigned following a 2/3 majority vote of the TOC and a 2/3 majority vote of SIG Chairs” — cncf-sig elections

Thank you!
Jeyappragash.J.J
(On behalf of SIG-Security Chairs)

TL Candidates - Dec 2020


Ashutosh Narkar 

Aradhana Chetal 

Andres Vega
  • SIG-Security highlights
  • Professional affiliations: 
    • VMWare
  • Github: @anvega
  • CNCF Projects:
    • SPIFFE/SPIRE
  • SIG-Security 
    • Security Assess. Review lead: Harbor
    • Security Assess. Review lead: Cloud Buildpaks
    • Security Assess. participant: SPIFFE/SPIRE
    • Security Day program committee 2020 NA
    • Facilitator for SIG meetings, and in general good with making calls more lively (1)
    • Participating in organization of CN Sec. Day 2021 EU
    • Issues (13)








Re: [EXTERNAL] Re: [cncf-toc] SIG-Security Tech Lead nominations

Brendan Burns
 

+1, binding

--brendan


From: cncf-toc@... <cncf-toc@...> on behalf of Dave Zolotusky via lists.cncf.io <dzolo=spotify.com@...>
Sent: Wednesday, January 6, 2021 6:55:44 AM
To: John Hillegass <hillegassdev@...>
Cc: CNCF TOC <cncf-toc@...>; Liz Rice <liz@...>
Subject: [EXTERNAL] Re: [cncf-toc] SIG-Security Tech Lead nominations
 
+1 binding

On Wed, Jan 6, 2021 at 2:34 PM John Hillegass <hillegassdev@...> wrote:
+1 NB
On Jan 6, 2021, 4:35 AM -0500, Liz Rice <liz@...>, wrote:
Bumping this vote, as it would be great to get the new SIG Security leads in place if others on the TOC are comfortable with these nominees 

---------- Forwarded message ---------
From: Justin Cormack via lists.cncf.io <justin.cormack=docker.com@...>
Date: Fri, Dec 18, 2020 at 5:01 PM
Subject: Re: [cncf-toc] SIG-Security Tech Lead nominations
To: Jeyappragash Jeyakeerthi <jj@...>
Cc: CNCF TOC <cncf-toc@...>


+1 binding

Justin


On Fri, Dec 18, 2020 at 1:43 AM Jeyappragash Jeyakeerthi <jj@...> wrote:

Dear Technical Oversight Committee,


On December 16th 2020, the SIG-Security co-chairs along with then TOC liason’s Liz Rice and Justin Cormack, agreed to nominate three Tech Leads for SIG-Security: Ashutosh Narkar, Aradhana Chetal and Andres Vega.


“Tech leads are assigned following a 2/3 majority vote of the TOC and a 2/3 majority vote of SIG Chairs” — cncf-sig elections


Thank you!

Jeyappragash.J.J

(On behalf of SIG-Security Chairs)


TL Candidates - Dec 2020


Ashutosh Narkar


Aradhana Chetal 


Andres Vega

  • SIG-Security highlights

  • Professional affiliations: 

    • VMWare

  • Github: @anvega

  • CNCF Projects:

    • SPIFFE/SPIRE

  • SIG-Security 

    • Security Assess. Review lead: Harbor

    • Security Assess. Review lead: Cloud Buildpaks

    • Security Assess. participant: SPIFFE/SPIRE

    • Security Day program committee 2020 NA

    • Facilitator for SIG meetings, and in general good with making calls more lively (1)

    • Participating in organization of CN Sec. Day 2021 EU

    • Commits (5)

    • Issues (13)





--
~Dave


Re: SIG-Security Tech Lead nominations

Dave Zolotusky
 

+1 binding

On Wed, Jan 6, 2021 at 2:34 PM John Hillegass <hillegassdev@...> wrote:
+1 NB
On Jan 6, 2021, 4:35 AM -0500, Liz Rice <liz@...>, wrote:
Bumping this vote, as it would be great to get the new SIG Security leads in place if others on the TOC are comfortable with these nominees 

---------- Forwarded message ---------
From: Justin Cormack via lists.cncf.io <justin.cormack=docker.com@...>
Date: Fri, Dec 18, 2020 at 5:01 PM
Subject: Re: [cncf-toc] SIG-Security Tech Lead nominations
To: Jeyappragash Jeyakeerthi <jj@...>
Cc: CNCF TOC <cncf-toc@...>


+1 binding

Justin


On Fri, Dec 18, 2020 at 1:43 AM Jeyappragash Jeyakeerthi <jj@...> wrote:

Dear Technical Oversight Committee,


On December 16th 2020, the SIG-Security co-chairs along with then TOC liason’s Liz Rice and Justin Cormack, agreed to nominate three Tech Leads for SIG-Security: Ashutosh Narkar, Aradhana Chetal and Andres Vega.


“Tech leads are assigned following a 2/3 majority vote of the TOC and a 2/3 majority vote of SIG Chairs” — cncf-sig elections


Thank you!

Jeyappragash.J.J

(On behalf of SIG-Security Chairs)


TL Candidates - Dec 2020


Ashutosh Narkar


Aradhana Chetal 


Andres Vega

  • SIG-Security highlights

  • Professional affiliations: 

    • VMWare

  • Github: @anvega

  • CNCF Projects:

    • SPIFFE/SPIRE

  • SIG-Security 

    • Security Assess. Review lead: Harbor

    • Security Assess. Review lead: Cloud Buildpaks

    • Security Assess. participant: SPIFFE/SPIRE

    • Security Day program committee 2020 NA

    • Facilitator for SIG meetings, and in general good with making calls more lively (1)

    • Participating in organization of CN Sec. Day 2021 EU

    • Commits (5)

    • Issues (13)





--
~Dave


Re: SIG-Security Tech Lead nominations

John Hillegass
 

+1 NB

On Jan 6, 2021, 4:35 AM -0500, Liz Rice <liz@...>, wrote:
Bumping this vote, as it would be great to get the new SIG Security leads in place if others on the TOC are comfortable with these nominees 

---------- Forwarded message ---------
From: Justin Cormack via lists.cncf.io <justin.cormack=docker.com@...>
Date: Fri, Dec 18, 2020 at 5:01 PM
Subject: Re: [cncf-toc] SIG-Security Tech Lead nominations
To: Jeyappragash Jeyakeerthi <jj@...>
Cc: CNCF TOC <cncf-toc@...>


+1 binding

Justin


On Fri, Dec 18, 2020 at 1:43 AM Jeyappragash Jeyakeerthi <jj@...> wrote:

Dear Technical Oversight Committee,


On December 16th 2020, the SIG-Security co-chairs along with then TOC liason’s Liz Rice and Justin Cormack, agreed to nominate three Tech Leads for SIG-Security: Ashutosh Narkar, Aradhana Chetal and Andres Vega.


“Tech leads are assigned following a 2/3 majority vote of the TOC and a 2/3 majority vote of SIG Chairs” — cncf-sig elections


Thank you!

Jeyappragash.J.J

(On behalf of SIG-Security Chairs)


TL Candidates - Dec 2020


Ashutosh Narkar


Aradhana Chetal 


Andres Vega

  • SIG-Security highlights

  • Professional affiliations: 

    • VMWare

  • Github: @anvega

  • CNCF Projects:

    • SPIFFE/SPIRE

  • SIG-Security 

    • Security Assess. Review lead: Harbor

    • Security Assess. Review lead: Cloud Buildpaks

    • Security Assess. participant: SPIFFE/SPIRE

    • Security Day program committee 2020 NA

    • Facilitator for SIG meetings, and in general good with making calls more lively (1)

    • Participating in organization of CN Sec. Day 2021 EU

    • Commits (5)

    • Issues (13)




SIG-Security Tech Lead nominations

Liz Rice
 

Bumping this vote, as it would be great to get the new SIG Security leads in place if others on the TOC are comfortable with these nominees 

---------- Forwarded message ---------
From: Justin Cormack via lists.cncf.io <justin.cormack=docker.com@...>
Date: Fri, Dec 18, 2020 at 5:01 PM
Subject: Re: [cncf-toc] SIG-Security Tech Lead nominations
To: Jeyappragash Jeyakeerthi <jj@...>
Cc: CNCF TOC <cncf-toc@...>


+1 binding

Justin


On Fri, Dec 18, 2020 at 1:43 AM Jeyappragash Jeyakeerthi <jj@...> wrote:

Dear Technical Oversight Committee,


On December 16th 2020, the SIG-Security co-chairs along with then TOC liason’s Liz Rice and Justin Cormack, agreed to nominate three Tech Leads for SIG-Security: Ashutosh Narkar, Aradhana Chetal and Andres Vega.


“Tech leads are assigned following a 2/3 majority vote of the TOC and a 2/3 majority vote of SIG Chairs” — cncf-sig elections


Thank you!

Jeyappragash.J.J

(On behalf of SIG-Security Chairs)


TL Candidates - Dec 2020


Ashutosh Narkar 


Aradhana Chetal 


Andres Vega

  • SIG-Security highlights

  • Professional affiliations: 

    • VMWare

  • Github: @anvega

  • CNCF Projects:

    • SPIFFE/SPIRE

  • SIG-Security 

    • Security Assess. Review lead: Harbor

    • Security Assess. Review lead: Cloud Buildpaks

    • Security Assess. participant: SPIFFE/SPIRE

    • Security Day program committee 2020 NA

    • Facilitator for SIG meetings, and in general good with making calls more lively (1)

    • Participating in organization of CN Sec. Day 2021 EU

    • Commits (5)

    • Issues (13)




[TOC] Nominations Open through 12pm PT, January 11, 2021

Chris Aniszczyk
 

Just a reminder about upcoming TOC elections for the GB and end user seats!

Feel free to petition your GB and end user member representatives!

---------- Forwarded message ---------
From: Amye Scavarda Perrin <ascavarda@...>
Date: Mon, Dec 14, 2020 at 2:02 PM
Subject: [cncf-toc] [TOC] Nominations Open through 12pm PT, January 11, 2021
To: CNCF TOC <cncf-toc@...>


5 seats are open for nomination by the GB and End User Community.
Nominations are open for the two Selecting Groups.

We will be publishing the list of qualified nominees at the end of the qualification process.

Timeline:
December 14: Nominations open – 12 PM PT
January 11: Nominations close - 12 PM PT
Jan 11: Qualification period opens
Jan 25: Qualification period closes
Jan 25: Election opens, Voting occurs by a time-limited Condorcet-IRV ranking in CIVS
Feb 1: Election closes at 12pm Pacific, results announced

--
Amye Scavarda Perrin | Program Manager | amye@...



--
Chris Aniszczyk (@cra)


Re: FYI: Fuzzing for CNCF Projects

Lorenzo Fontana
 

Thanks for sharing, this is a very useful initiative Chris.

I’ve been thinking about doing a proposal for the Falco project to adopt syzcaller[0] to perform continuous fuzzing of the inputs/language parser.

I’ll bring up this topic at the next Falco community call to see what other maintainers think.  

Thanks again for sharing!

Lore


On Mon, 4 Jan 2021 at 22:31 Chris Aniszczyk <caniszczyk@...> wrote:
Hey TOC and the wider community, some of our projects have taken advantage of fuzzing (through oss-fuzz and other tools), also we recently funded some fuzzing/audit work for fluentbit to see the impact and usefulness: https://github.com/fluent/fluent-bit/pull/2853

I've attached a report as an output which contains all the issues found/resolved. If your project is interested in this type of work, let us know via a servicedesk request (https://github.com/cncf/servicedesk), we found it fairly useful on top of normal security audits.

--
Chris Aniszczyk (@cra)


FYI: Fuzzing for CNCF Projects

Chris Aniszczyk
 

Hey TOC and the wider community, some of our projects have taken advantage of fuzzing (through oss-fuzz and other tools), also we recently funded some fuzzing/audit work for fluentbit to see the impact and usefulness: https://github.com/fluent/fluent-bit/pull/2853

I've attached a report as an output which contains all the issues found/resolved. If your project is interested in this type of work, let us know via a servicedesk request (https://github.com/cncf/servicedesk), we found it fairly useful on top of normal security audits.

--
Chris Aniszczyk (@cra)


Agenda for 1/5

Amye Scavarda Perrin
 

801 - 820 of 6383