Date   

Re: FYI: Cloud Native Security Whitepaper 2020

Justin Cormack
 

Thanks to everyone who worked so hard on this. Congratulations on shipping it, it will be very
helpful. 

Justin


On Wed, Nov 18, 2020 at 5:38 PM Chris Aniszczyk <caniszczyk@...> wrote:
The CNCF Security SIG did an excellent job putting together a white paper around cloud native security: https://github.com/cncf/sig-security/blob/master/security-whitepaper/cloud-native-security-whitepaper.md

It's great! Please check it out and feel free to provide their community feedback on it!

--
Chris Aniszczyk (@cra)


FYI: Cloud Native Security Whitepaper 2020

Chris Aniszczyk
 

The CNCF Security SIG did an excellent job putting together a white paper around cloud native security: https://github.com/cncf/sig-security/blob/master/security-whitepaper/cloud-native-security-whitepaper.md

It's great! Please check it out and feel free to provide their community feedback on it!

--
Chris Aniszczyk (@cra)


Re: FYI: New Training Course on Diversity in Open Source

Chris Aniszczyk
 

Let's put it as a discussion item for the next meeting and consider rolling it out in 2021


On Wed, Nov 18, 2020 at 9:47 AM Liz Rice <liz@...> wrote:
Thanks Chris. 

We could also require it for TOC members & SIG chairs too 


On Wed, Nov 18, 2020 at 2:40 PM Chris Aniszczyk <caniszczyk@...> wrote:
Thanks!

Liz I have added this as a requirement per the project proposal process: https://github.com/cncf/toc/pull/570

We can discuss at the next TOC meeting to vote/finalize the changes, but I think the best place to put the requirement is at the project proposal phase where we can easily check against the initial list of maintainers. In the future, we can try to do something fancy like an automated audit report based on what's in maintainers.cncf.io and if they have taken the course.

On Wed, Nov 18, 2020 at 8:30 AM Bartłomiej Płotka <bwplotka@...> wrote:
Hi,

Just completed it (takes ~20 min) and definitely can recommend it to all who maintain projects on open source! 🤗 

It's actionable and insightful, +1 to make it mandatory.

BTW, direct training link: https://training.linuxfoundation.org/training/inclusive-open-source-community-orientation-lfc102/ (it's free)

Kind Regards,
Bartek Płotka (@bwplotka)

On Wed, 18 Nov 2020 at 10:07, Liz Rice <liz@...> wrote:
I’d like to see all project maintainers taking this at all maturity levels

Probably getting carried away here, but it would be nice if we could automate this, a bit like CLA bots: automatically flagging up anyone who’s listed in a Maintainers file if they haven’t taken the course


On Fri, 13 Nov 2020 at 15:31, Chris Aniszczyk <caniszczyk@...> wrote:
As a follow up from previous discussions on D&I training, we at The Linux Foundation in partnership with NCWIT are launching a new course on building inclusive open source communities that CNCF helped fund: https://training.linuxfoundation.org/announcements/linux-foundation-and-ncwit-release-free-training-course-on-diversity-in-open-source/

We should consider making this as a graduation requirement or even as part of project acceptance, food for thought as we ramp up for kubecon + cloudnativecon next week!


--
Chris Aniszczyk (@cra)



--
Chris Aniszczyk (@cra)


--
Chris Aniszczyk (@cra)


Re: [cncf-sig-security] Vulnerability scanning for CNCF projects

Chris Aniszczyk
 

" Should we have something in place for requiring projects to have a process to fix vulnerability issues (at least the serious ones)?"

We have a graduation requirement around CII badging which requires a security disclosure process so it's there but not codified formally, we could do that, I think the important thing is that projects also publish advisories in a standard way (like via the github security API)

We should treat the LF tool suite as another option for projects to take advantage of, already many projects are using Snyk, FOSSA, Whitesource etc that is listed here: https://github.com/cncf/servicedesk#tools

You can kind of get an SBOM (depending you define sbom ;p) for some of our projects already: https://app.fossa.com/attribution/c189c5b9-fe2c-45f2-ba40-c34c36bab868

I think offering projects more choice is always better as the landscape changes often in tooling.

On Wed, Nov 18, 2020 at 10:54 AM Emily Fox <themoxiefoxatwork@...> wrote:
Liz,
  Love this.  As part of the assessments SIG-Security performs, we've begun highlighting the importance of secure development practices.  The last few assessments we've begun pushing more for this, as well as responsible disclosure instructions and general security mindedness for project sustainment.   This fits in alignment with those efforts.  We currently have the assessment process undergoing some updates (held currently for kubecon) and this make it a great time to potentially include this.  I personally would like to see license dependencies and dependency trees to help push forward in the area of SBOM.
  I think we should be clear however in what our thresholds and terms are in this area, offhand i can think of the following potentials:
* Listing of vulns in deliverable artifacts
* Listing licensing dependencies
* SBOM
* vulnerability threshold and prioritizing resolution in prior to artifact delivery
* vulnerability threshold and prioritizing resolution post artifact delivery

Definitely worth a conversation and follow-ups.  Do you have anything in mind that are must haves off the above or anything I missed or misunderstood?

~Emily Fox


On Wed, Nov 18, 2020 at 11:41 AM Liz Rice <liz@...> wrote:
Hi TOC and SIG Security folks 

On Friday I got a nice preview from Shubhra Kar and his team at the LF about some tools they are building to provide insights and stats for LF (and therefore CNCF) projects. One that's of particular interest is an integration of scanning security issues.

We require graduated projects to have security reviews, and SIG Security are offering additional assessments, but we don't really have any standards around whether project artifacts shipping with vulnerabilities. Should we have something in place for requiring projects to have a process to fix vulnerability issues (at least the serious ones)? 

This tooling is off to a great start. The current numbers for a lot of our projects look really quite bad, but this may be to do with scanning all the repos related to a project's org. I'd imagine there are also some false positives from things like dependencies only used in test that don't affect the security of the executables that end users run - we may want to look at just reporting vulnerabilities from a project's deployable artifacts. 

As well as vulnerability scanning this is showing license dependencies, which could be very useful.

For discussion, how we want to use this kind of info, and whether we want to formalize requirements on projects (e.g. at graduation or incubation levels).  

Copying Shubra in case he would like to comment further. .

Enjoy KubeCon!
Liz



--
Chris Aniszczyk (@cra)


Re: [cncf-sig-security] Vulnerability scanning for CNCF projects

Emily Fox
 

Liz,
  Love this.  As part of the assessments SIG-Security performs, we've begun highlighting the importance of secure development practices.  The last few assessments we've begun pushing more for this, as well as responsible disclosure instructions and general security mindedness for project sustainment.   This fits in alignment with those efforts.  We currently have the assessment process undergoing some updates (held currently for kubecon) and this make it a great time to potentially include this.  I personally would like to see license dependencies and dependency trees to help push forward in the area of SBOM.
  I think we should be clear however in what our thresholds and terms are in this area, offhand i can think of the following potentials:
* Listing of vulns in deliverable artifacts
* Listing licensing dependencies
* SBOM
* vulnerability threshold and prioritizing resolution in prior to artifact delivery
* vulnerability threshold and prioritizing resolution post artifact delivery

Definitely worth a conversation and follow-ups.  Do you have anything in mind that are must haves off the above or anything I missed or misunderstood?

~Emily Fox


On Wed, Nov 18, 2020 at 11:41 AM Liz Rice <liz@...> wrote:
Hi TOC and SIG Security folks 

On Friday I got a nice preview from Shubhra Kar and his team at the LF about some tools they are building to provide insights and stats for LF (and therefore CNCF) projects. One that's of particular interest is an integration of scanning security issues.

We require graduated projects to have security reviews, and SIG Security are offering additional assessments, but we don't really have any standards around whether project artifacts shipping with vulnerabilities. Should we have something in place for requiring projects to have a process to fix vulnerability issues (at least the serious ones)? 

This tooling is off to a great start. The current numbers for a lot of our projects look really quite bad, but this may be to do with scanning all the repos related to a project's org. I'd imagine there are also some false positives from things like dependencies only used in test that don't affect the security of the executables that end users run - we may want to look at just reporting vulnerabilities from a project's deployable artifacts. 

As well as vulnerability scanning this is showing license dependencies, which could be very useful.

For discussion, how we want to use this kind of info, and whether we want to formalize requirements on projects (e.g. at graduation or incubation levels).  

Copying Shubra in case he would like to comment further. .

Enjoy KubeCon!
Liz


Vulnerability scanning for CNCF projects

Liz Rice
 

Hi TOC and SIG Security folks 

On Friday I got a nice preview from Shubhra Kar and his team at the LF about some tools they are building to provide insights and stats for LF (and therefore CNCF) projects. One that's of particular interest is an integration of scanning security issues.

We require graduated projects to have security reviews, and SIG Security are offering additional assessments, but we don't really have any standards around whether project artifacts shipping with vulnerabilities. Should we have something in place for requiring projects to have a process to fix vulnerability issues (at least the serious ones)? 

This tooling is off to a great start. The current numbers for a lot of our projects look really quite bad, but this may be to do with scanning all the repos related to a project's org. I'd imagine there are also some false positives from things like dependencies only used in test that don't affect the security of the executables that end users run - we may want to look at just reporting vulnerabilities from a project's deployable artifacts. 

As well as vulnerability scanning this is showing license dependencies, which could be very useful.

For discussion, how we want to use this kind of info, and whether we want to formalize requirements on projects (e.g. at graduation or incubation levels).  

Copying Shubra in case he would like to comment further. .

Enjoy KubeCon!
Liz


Re: FYI: New Training Course on Diversity in Open Source

Liz Rice
 

Thanks Chris. 

We could also require it for TOC members & SIG chairs too 


On Wed, Nov 18, 2020 at 2:40 PM Chris Aniszczyk <caniszczyk@...> wrote:
Thanks!

Liz I have added this as a requirement per the project proposal process: https://github.com/cncf/toc/pull/570

We can discuss at the next TOC meeting to vote/finalize the changes, but I think the best place to put the requirement is at the project proposal phase where we can easily check against the initial list of maintainers. In the future, we can try to do something fancy like an automated audit report based on what's in maintainers.cncf.io and if they have taken the course.

On Wed, Nov 18, 2020 at 8:30 AM Bartłomiej Płotka <bwplotka@...> wrote:
Hi,

Just completed it (takes ~20 min) and definitely can recommend it to all who maintain projects on open source! 🤗 

It's actionable and insightful, +1 to make it mandatory.

BTW, direct training link: https://training.linuxfoundation.org/training/inclusive-open-source-community-orientation-lfc102/ (it's free)

Kind Regards,
Bartek Płotka (@bwplotka)

On Wed, 18 Nov 2020 at 10:07, Liz Rice <liz@...> wrote:
I’d like to see all project maintainers taking this at all maturity levels

Probably getting carried away here, but it would be nice if we could automate this, a bit like CLA bots: automatically flagging up anyone who’s listed in a Maintainers file if they haven’t taken the course


On Fri, 13 Nov 2020 at 15:31, Chris Aniszczyk <caniszczyk@...> wrote:
As a follow up from previous discussions on D&I training, we at The Linux Foundation in partnership with NCWIT are launching a new course on building inclusive open source communities that CNCF helped fund: https://training.linuxfoundation.org/announcements/linux-foundation-and-ncwit-release-free-training-course-on-diversity-in-open-source/

We should consider making this as a graduation requirement or even as part of project acceptance, food for thought as we ramp up for kubecon + cloudnativecon next week!


--
Chris Aniszczyk (@cra)



--
Chris Aniszczyk (@cra)


Re: FYI: New Training Course on Diversity in Open Source

Chris Aniszczyk
 

Thanks!

Liz I have added this as a requirement per the project proposal process: https://github.com/cncf/toc/pull/570

We can discuss at the next TOC meeting to vote/finalize the changes, but I think the best place to put the requirement is at the project proposal phase where we can easily check against the initial list of maintainers. In the future, we can try to do something fancy like an automated audit report based on what's in maintainers.cncf.io and if they have taken the course.

On Wed, Nov 18, 2020 at 8:30 AM Bartłomiej Płotka <bwplotka@...> wrote:
Hi,

Just completed it (takes ~20 min) and definitely can recommend it to all who maintain projects on open source! 🤗 

It's actionable and insightful, +1 to make it mandatory.

BTW, direct training link: https://training.linuxfoundation.org/training/inclusive-open-source-community-orientation-lfc102/ (it's free)

Kind Regards,
Bartek Płotka (@bwplotka)

On Wed, 18 Nov 2020 at 10:07, Liz Rice <liz@...> wrote:
I’d like to see all project maintainers taking this at all maturity levels

Probably getting carried away here, but it would be nice if we could automate this, a bit like CLA bots: automatically flagging up anyone who’s listed in a Maintainers file if they haven’t taken the course


On Fri, 13 Nov 2020 at 15:31, Chris Aniszczyk <caniszczyk@...> wrote:
As a follow up from previous discussions on D&I training, we at The Linux Foundation in partnership with NCWIT are launching a new course on building inclusive open source communities that CNCF helped fund: https://training.linuxfoundation.org/announcements/linux-foundation-and-ncwit-release-free-training-course-on-diversity-in-open-source/

We should consider making this as a graduation requirement or even as part of project acceptance, food for thought as we ramp up for kubecon + cloudnativecon next week!


--
Chris Aniszczyk (@cra)



--
Chris Aniszczyk (@cra)


Re: FYI: New Training Course on Diversity in Open Source

Bartłomiej Płotka
 

Hi,

Just completed it (takes ~20 min) and definitely can recommend it to all who maintain projects on open source! 🤗 

It's actionable and insightful, +1 to make it mandatory.

BTW, direct training link: https://training.linuxfoundation.org/training/inclusive-open-source-community-orientation-lfc102/ (it's free)

Kind Regards,
Bartek Płotka (@bwplotka)

On Wed, 18 Nov 2020 at 10:07, Liz Rice <liz@...> wrote:
I’d like to see all project maintainers taking this at all maturity levels

Probably getting carried away here, but it would be nice if we could automate this, a bit like CLA bots: automatically flagging up anyone who’s listed in a Maintainers file if they haven’t taken the course


On Fri, 13 Nov 2020 at 15:31, Chris Aniszczyk <caniszczyk@...> wrote:
As a follow up from previous discussions on D&I training, we at The Linux Foundation in partnership with NCWIT are launching a new course on building inclusive open source communities that CNCF helped fund: https://training.linuxfoundation.org/announcements/linux-foundation-and-ncwit-release-free-training-course-on-diversity-in-open-source/

We should consider making this as a graduation requirement or even as part of project acceptance, food for thought as we ramp up for kubecon + cloudnativecon next week!


--
Chris Aniszczyk (@cra)


Re: [VOTE] Buildpacks to move to incubation

Archy k
 

+1 NB

On Wed, Oct 7, 2020 at 5:21 PM Amye Scavarda Perrin <ascavarda@...> wrote:
Cloud Native Buildpacks has applied to move from sandbox to incubation. (https://github.com/cncf/toc/pull/338)

Justin Cormack is the TOC sponsor for this project, he has performed Due Diligence (https://docs.google.com/document/d/1tb3mK5cJmaQLO8xR__9NaH2GMrdn3WPjAZFBJYsXrxY/edit) and called for public comment. (https://lists.cncf.io/g/cncf-toc/message/5317)

Please vote (+1/0/-1) by replying to this thread.

Remember that the TOC has binding votes only, but we do appreciate non-binding votes from the community as a sign of support!

--
Amye Scavarda Perrin | Program Manager | amye@...


Re: [VOTE] Buildpacks to move to incubation

Romaric Philogène
 

+1

On Tue, Nov 3, 2020 at 6:03 PM Gadi Naor via lists.cncf.io <gadi=alcide.io@...> wrote:
+1 NB

On Tue, Nov 3, 2020 at 6:02 PM Alena Prokharchyk via lists.cncf.io <aprokharchyk=apple.com@...> wrote:
+1 binding.

-alena.

On Oct 7, 2020, at 2:18 PM, Amye Scavarda Perrin <ascavarda@...> wrote:

Cloud Native Buildpacks has applied to move from sandbox to incubation. (https://github.com/cncf/toc/pull/338)

Justin Cormack is the TOC sponsor for this project, he has performed Due Diligence (https://docs.google.com/document/d/1tb3mK5cJmaQLO8xR__9NaH2GMrdn3WPjAZFBJYsXrxY/edit) and called for public comment. (https://lists.cncf.io/g/cncf-toc/message/5317)

Please vote (+1/0/-1) by replying to this thread.

Remember that the TOC has binding votes only, but we do appreciate non-binding votes from the community as a sign of support!

--
Amye Scavarda Perrin | Program Manager | amye@...

--
Gadi NaorCTO & Security Plumber
 

US.   2443 Fillmore St, San Francisco, CA, 94115
IL.    5 Miconis St, Tel Aviv, 6777214   
M. +972-52-6618811
Web.      www.alcide.io
GitHub. github.com/alcideio

Follow us on LinkedInFollow us on Twitter 

Complete Kubernetes & Service Mesh Security. 
Bridging Security & DevOps.




--
Romaric Philogène
CEO & Co-founder | Qovery

Backed by Techstars

Phone : +33 601 226 575
Email : romaric@...
Address : 128 rue la Boétie, 75008 Paris - France


Re: [VOTE] Buildpacks to move to incubation

Liz Rice
 

+1 binding


On Tue, 3 Nov 2020 at 17:08, sandeep lahane <sandeep@...> wrote:
+1 

Regards
Sandeep Lahane
Founder & CEO | Deepfence Inc




On Tue, Nov 3, 2020 at 10:33 PM Gadi Naor via lists.cncf.io <gadi=alcide.io@...> wrote:
+1 NB

On Tue, Nov 3, 2020 at 6:02 PM Alena Prokharchyk via lists.cncf.io <aprokharchyk=apple.com@...> wrote:
+1 binding.

-alena.

On Oct 7, 2020, at 2:18 PM, Amye Scavarda Perrin <ascavarda@...> wrote:

Cloud Native Buildpacks has applied to move from sandbox to incubation. (https://github.com/cncf/toc/pull/338)

Justin Cormack is the TOC sponsor for this project, he has performed Due Diligence (https://docs.google.com/document/d/1tb3mK5cJmaQLO8xR__9NaH2GMrdn3WPjAZFBJYsXrxY/edit) and called for public comment. (https://lists.cncf.io/g/cncf-toc/message/5317)

Please vote (+1/0/-1) by replying to this thread.

Remember that the TOC has binding votes only, but we do appreciate non-binding votes from the community as a sign of support!

--
Amye Scavarda Perrin | Program Manager | amye@...

--
Gadi NaorCTO & Security Plumber
 

IL.    5 Miconis St, Tel Aviv, 6777214   
M. +972-52-6618811
Web.      www.alcide.io
GitHub. github.com/alcideio

Follow us on LinkedInFollow us on Twitter 

Complete Kubernetes & Service Mesh Security. 
Bridging Security & DevOps.



Re: FYI: New Training Course on Diversity in Open Source

Liz Rice
 

I’d like to see all project maintainers taking this at all maturity levels

Probably getting carried away here, but it would be nice if we could automate this, a bit like CLA bots: automatically flagging up anyone who’s listed in a Maintainers file if they haven’t taken the course


On Fri, 13 Nov 2020 at 15:31, Chris Aniszczyk <caniszczyk@...> wrote:
As a follow up from previous discussions on D&I training, we at The Linux Foundation in partnership with NCWIT are launching a new course on building inclusive open source communities that CNCF helped fund: https://training.linuxfoundation.org/announcements/linux-foundation-and-ncwit-release-free-training-course-on-diversity-in-open-source/

We should consider making this as a graduation requirement or even as part of project acceptance, food for thought as we ramp up for kubecon + cloudnativecon next week!


--
Chris Aniszczyk (@cra)


Re: [VOTE] etcd for graduation

Robert Wilkins III
 

+1 NB


Re: [VOTE] etcd for graduation

Liz Rice
 

+1 binding 



On Mon, Nov 16, 2020 at 4:36 PM Justin Cormack via lists.cncf.io <justin.cormack=docker.com@...> wrote:
+1 (binding)

Justin


On Fri, Nov 13, 2020 at 5:51 PM Amye Scavarda Perrin <ascavarda@...> wrote:
The etcd project has applied for graduation:  https://github.com/cncf/toc/pull/541

The due diligence document can be found here: https://docs.google.com/document/d/10IRk__v_nehw-0BpqUnNSY4A8RNP2ztdqKLX2mh0PlU/edit?usp=sharing

Xiang Li is the TOC sponsor.

Please vote (+1/0/-1) by replying to this thread.

Remember that the TOC has binding votes only, but we do appreciate non-binding votes from the community as a sign of support!

Thank you!
- amye 

--
Amye Scavarda Perrin | Program Manager | amye@...


Re: [VOTE] etcd for graduation

Justin Cormack
 

+1 (binding)

Justin


On Fri, Nov 13, 2020 at 5:51 PM Amye Scavarda Perrin <ascavarda@...> wrote:
The etcd project has applied for graduation:  https://github.com/cncf/toc/pull/541

The due diligence document can be found here: https://docs.google.com/document/d/10IRk__v_nehw-0BpqUnNSY4A8RNP2ztdqKLX2mh0PlU/edit?usp=sharing

Xiang Li is the TOC sponsor.

Please vote (+1/0/-1) by replying to this thread.

Remember that the TOC has binding votes only, but we do appreciate non-binding votes from the community as a sign of support!

Thank you!
- amye 

--
Amye Scavarda Perrin | Program Manager | amye@...


Re: [VOTE] etcd for graduation

Tzury Bar Yochay
 

+1


On Fri, Nov 13, 2020 at 7:51 PM Amye Scavarda Perrin <ascavarda@...> wrote:
The etcd project has applied for graduation:  https://github.com/cncf/toc/pull/541

The due diligence document can be found here: https://docs.google.com/document/d/10IRk__v_nehw-0BpqUnNSY4A8RNP2ztdqKLX2mh0PlU/edit?usp=sharing

Xiang Li is the TOC sponsor.

Please vote (+1/0/-1) by replying to this thread.

Remember that the TOC has binding votes only, but we do appreciate non-binding votes from the community as a sign of support!

Thank you!
- amye 

--
Amye Scavarda Perrin | Program Manager | amye@...



--
Tzury Bar Yochay
Founder and CTO


Re: [VOTE] etcd for graduation

Sunny Raskar <sunny.raskar@...>
 


On Fri, Nov 13, 2020 at 11:49 PM Owens, Ken <ken.owens@...> wrote:

+1 nb

 

Ken Owens

Vice President

Software Development Engineering

 

Mastercard

 

From: cncf-toc@... <cncf-toc@...> On Behalf Of Amye Scavarda Perrin
Sent: Friday, November 13, 2020 11:51 AM
To: CNCF TOC <cncf-toc@...>
Subject: {EXTERNAL} [cncf-toc] [VOTE] etcd for graduation

 

CAUTION: The message originated from an EXTERNAL SOURCE. Please use caution when opening attachments, clicking links or responding to this email.

 

The etcd project has applied for graduation:  https://github.com/cncf/toc/pull/541

The due diligence document can be found here: https://docs.google.com/document/d/10IRk__v_nehw-0BpqUnNSY4A8RNP2ztdqKLX2mh0PlU/edit?usp=sharing

Xiang Li is the TOC sponsor.

Please vote (+1/0/-1) by replying to this thread.

Remember that the TOC has binding votes only, but we do appreciate non-binding votes from the community as a sign of support!

Thank you!
- amye 

 

--

Amye Scavarda Perrin | Program Manager | amye@...

CONFIDENTIALITY NOTICE This e-mail message and any attachments are only for the use of the intended recipient and may contain information that is privileged, confidential or exempt from disclosure under applicable law. If you are not the intended recipient, any disclosure, distribution or other use of this e-mail message or attachments is prohibited. If you have received this e-mail message in error, please delete and notify the sender immediately. Thank you.


****** DISCLAIMER - MSysTechnologies LLC ******

 

This email message, contents and its attachments may contain confidential, proprietary or legally privileged information and is intended solely for the use of the individual or entity to whom it is actually intended. If you have erroneously received this message, please permanently delete it immediately and notify the sender. If you are not the intended recipient of the email message,you are notified strictly not to disseminate,distribute or copy this e-mail.E-mail transmission cannot be guaranteed to be secure or error-free as Information could be intercepted, corrupted, lost, destroyed, incomplete or contain viruses and MSysTechnologies LLC accepts no liability for the contents and integrity of this mail or for any damage caused by the limitations of the e-mail transmission.


Re: [VOTE] etcd for graduation

Isaac Mosquera
 

+1 non-binding.



On Mon, Nov 16, 2020 1:55 PM, Thomas Schuetz via lists.cncf.io thomas.schuetz=dynatrace.com@... wrote:
+1 non-binding

On 13.11.2020, at 18:51, Amye Scavarda Perrin via lists.cncf.io <ascavarda=linuxfoundation.org@...> wrote:

The etcd project has applied for graduation:  https://github.com/cncf/toc/pull/541

The due diligence document can be found here: https://docs.google.com/document/d/10IRk__v_nehw-0BpqUnNSY4A8RNP2ztdqKLX2mh0PlU/edit?usp=sharing

Xiang Li is the TOC sponsor.

Please vote (+1/0/-1) by replying to this thread.

Remember that the TOC has binding votes only, but we do appreciate non-binding votes from the community as a sign of support!

Thank you!
- amye 

--
Amye Scavarda Perrin | Program Manager | amye@...

The contents of this e-mail are intended for the named addressee only. It contains information that may be confidential. Unless you are the named addressee or an authorized designee, you may not copy or use it, or disclose it to anyone else. If you received it in error please notify us immediately and then destroy it. Dynatrace Austria GmbH (registration number FN 91482h) is a company registered in Linz whose registered office is at 4020 Linz, Austria, Am Fünfundzwanziger Turm 20


#velocity,

I S A A C  M O S Q U E R A
Chief Technology Officer
p: 703.795.5322


Re: [VOTE] etcd for graduation

Thomas Schuetz
 

+1 non-binding

On 13.11.2020, at 18:51, Amye Scavarda Perrin via lists.cncf.io <ascavarda=linuxfoundation.org@...> wrote:

The etcd project has applied for graduation:  https://github.com/cncf/toc/pull/541

The due diligence document can be found here: https://docs.google.com/document/d/10IRk__v_nehw-0BpqUnNSY4A8RNP2ztdqKLX2mh0PlU/edit?usp=sharing

Xiang Li is the TOC sponsor.

Please vote (+1/0/-1) by replying to this thread.

Remember that the TOC has binding votes only, but we do appreciate non-binding votes from the community as a sign of support!

Thank you!
- amye 

--
Amye Scavarda Perrin | Program Manager | amye@...

The contents of this e-mail are intended for the named addressee only. It contains information that may be confidential. Unless you are the named addressee or an authorized designee, you may not copy or use it, or disclose it to anyone else. If you received it in error please notify us immediately and then destroy it. Dynatrace Austria GmbH (registration number FN 91482h) is a company registered in Linz whose registered office is at 4020 Linz, Austria, Am Fünfundzwanziger Turm 20

1681 - 1700 of 7186