|
Raise $50,000 for CNCF Diversity Scholarships, win prizes, and improve project security
This is an experiment to help with CNCF project onboarding tasks (that some projects are slow on) and security practices recommended by https://sos.dev/#what-security-improvements-qualify and OpenSSF. We
|
By Chris Aniszczyk · #7585
|
|
Real Name Policy for CNCF
We point to the Linux Kernel as an example in the FAQ as the original and canonical DCO reference: https://github.com/torvalds/linux/blob/master/Documentation/process/submitting-patches.rst#developers
|
By Chris Aniszczyk · #7217
|
|
Real Name Policy for CNCF
Hey folks, just to let you know, this is a policy that has been in place for a while in multiple LF communities like the Linux Kernel, Hyperledger etc. I'm not reverting the change as this is what the
|
By Chris Aniszczyk · #7216
|
|
[cncf-tag-security] RFC Cloud Native Serverless Security Whitepaper
FYI ---------- Forwarded message --------- From: Brandon Lum <lumjjb@...> Date: Tue, May 17, 2022 at 11:50 AM Subject: [cncf-tag-security] RFC Cloud Native Serverless Security Whitepaper To: <cn
|
By Chris Aniszczyk · #6982
|
|
[cncf-tag-security] RFC: Cloud Native Security Whitepaper v2 ends April 27
FYI ---------- Forwarded message --------- From: <pushkarj.at.work@...> Date: Wed, Apr 6, 2022 at 2:26 PM Subject: [cncf-tag-security] RFC: Cloud Native Security Whitepaper v2 ends April 27 To:
|
By Chris Aniszczyk · #6815
|
|
[cncf-tag-security] [RFC] Secure Software Factory Reference Arch. Doc
FYI ---------- Forwarded message --------- From: Michael Lieberman <mlieberman85@...> Date: Thu, Feb 10, 2022 at 3:19 PM Subject: [cncf-tag-security] [RFC] Secure Software Factory Reference Arch
|
By Chris Aniszczyk · #6622
|
|
FYI: Software Supply Chain Security Paper via CNCF Security TAG
The CNCF Security TAG put together an excellent resource: https://github.com/cncf/tag-security/tree/master/supply-chain-security https://www.cncf.io/blog/2021/05/14/evaluating-your-supply-chain-securi
|
By Chris Aniszczyk · #5844
|
|
FYI: Third Party Deps that have been relicensed to AGPL
I hope everyone had an amazing KubeCon + CloudNativeCon! Due to the recent re-licensing of a couple popular permissive projects to AGPL, the CNCF has posted guidance for projects that may be affected:
|
By Chris Aniszczyk · #5834
|
|
moderated
Last chance to register for May 11 'Unraveling Container Visibility' live webinar hosted by Visionet
Please don't send spam to this list again or you will be banned from CNCF messaging systems. You can take advantage of CNCF marketing/online programs here: https://github.com/cncf/foundation/blob/mast
|
By Chris Aniszczyk · #5833
|
|
[cncf-sig-security] Supply Chain Security Paper Open for public comment
FYI ---------- Forwarded message --------- From: Emily Fox <themoxiefoxatwork@...> Date: Fri, Apr 9, 2021 at 11:20 AM Subject: [cncf-sig-security] Supply Chain Security Paper Open for public com
|
By Chris Aniszczyk · #5798
|
|
SIG Observability: Accusations during OpenTelemetry Incubation Recommendations
Hey all, thanks for the candid email here, I know that it can be a challenge as we don't timebox due diligence periods and that sometimes it can be hard to give and take feedback, especially as projec
|
By Chris Aniszczyk · #5785
|
|
security & CNCF projects
Alexis, the tool is freely available just like a variety of other security tools that CNCF projects use, from LFX Security (white labeled Snyk), Snyk, FOSSA, CodeQL, WhiteSource etc, lots of great opt
|
By Chris Aniszczyk · #5671
|
|
security & CNCF projects
+1 to what Liz said here, this should be opt-in for project maintainers like any tool Can we please just leave this as a per project decision as any other tool as we decided last time this came up, th
|
By Chris Aniszczyk · #5669
|
|
security & CNCF projects
That depends on your viewpoint, the maintainers ideally should make that call per project based on whatever security process they have in place for the project. You can have a view that maintainers sh
|
By Chris Aniszczyk · #5657
|
|
security & CNCF projects
I'll follow up Alexis on the ticket but it's just white labeled https://snyk.io If you are already using, say Snyk via github action (https://github.com/snyk/actions/tree/master/golang) you won't see
|
By Chris Aniszczyk · #5651
|
|
Projects included into Sandbox from the 1/26 sandbox review meeting
It's https://github.com/docker/distribution They will pick a new org name and so on.
|
By Chris Aniszczyk · #5617
|
|
Public comment period for Ambassador
It wasn't in the sandbox, they went straight for incubation: https://github.com/datawire/ambassador I know it can be confusing as they were originally considered a sandbox contribution but decided to
|
By Chris Aniszczyk · #5595
|
|
Public comment period for Ambassador
I don't think we have to fully pause everything but it's up to the TOC here, if the TOC is saying "choose another name than IC4EP or something else that wouldn't confuse end users" before we accept th
|
By Chris Aniszczyk · #5590
|
|
Public comment period for Ambassador
The problem is the company rebranded to Ambassador also here: https://www.getambassador.io, so the project needs to be renamed to deal with the obvious trademark conflict here. The CNCF is open to wha
|
By Chris Aniszczyk · #5588
|
|
[TOC] Nominations Open through 12pm PT, January 11, 2021
Just a reminder about upcoming TOC elections for the GB and end user seats! Feel free to petition your GB and end user member representatives! ---------- Forwarded message --------- From: Amye Scavard
|
By Chris Aniszczyk · #5572
|