TAG Documentation Update: TAG Security

[riaankleinhans]

This issue supports updating the TAG README, Charter and moving documents to the TAG’s Gdrive. The work will be tracked in the TOC Tracking issue #1366.

The following points should be addressed:

• PR updating TAG repo README in accordance to the template
• PR removing TAG repo charter
• PR updating TAG charter in the TOC repo charter folder according to the template
  The aim of this update is to ensure that no information is lost from the TAG’s repo level charter.
• Move all TAG related shared documents ( Like meeting notes and slides ) to the [email protected] drive for the TAG.
  The aim of this update is to ensure no documents get lost in private or company accounts. Reach out to @riaankleinhans for assistance on that.

[anvega]

Thank you for this feedback. A few points to consider:

• Is this a guideline? We recently updated our README to be more concise, and it's fairly close to the suggested template.

• We have both a short version of the charter in the README and an expanded version in the governance folder. This allows visitors to quickly understand our scope without being redirected to the TOC repo.

• While we appreciate the effort to maintain consistency across TAGs, we've aimed to be well-organized while also adhering to CNCF's principle of "minimum viable governance that enables projects to be self-governing" (as per https://www.cncf.io/blog/2019/08/30/cncf-technical-principles-and-open-governance-success/).

We're open to further discussion on how to balance these considerations.

[riaankleinhans]

@anvega thank you for your feedback.

README:

You are correct, the TAG security README is well maintained.
One change that I would like to TAG to make. (I am also willing to help with PR's) is to move the TAG Leadership to the TOC repo page: https://github.com/cncf/toc/blob/main/tags/cncf-tags.md
The rational is to have it only in one place, approved by the TOC, as the information in the TOC and TAG repo often get out of sync.

Charter

The short version in the README is perfect, however the TOC and TAG versions of the Charter is out of sync.
The Charter is the description of the relationship between the TAG and the TOC and should only be changed in collaboration with the TOC as often as it is needed. (And it is hard to manage version control of the same document in two places.)

[anvega]

Thank you for the detailed explanation @riaankleinhans. I understand the reasoning behind these suggestions, particularly regarding version control and maintaining consistency between the TOC and TAG repos.

The proposed changes sound reasonable to me, as they're not contentious and aim to improve overall organization. However, I'd like to gather input from the rest of the TAG leadership before proceeding, especially considering recent efforts by the chairs to showcase the entirety of the repo on the TAG website.

Perhaps we could discuss this in our TAG meeting tomorrow or set something ad-hoc to ensure we're aligning our documentation and information architecture strategy with both the TOC's guidelines and our own recent initiatives?

Please go ahead with the proposed PR so we have something concrete to review. This will help facilitate our discussion and decision making process.

[riaankleinhans]

@anvega I created a PR #1376 in the TAG repo and a corresponding PR in the TOC repo cncf/toc#1376

Both are still WIP and open for discussion.

[riaankleinhans]

All TAG Security google docs that I am aware of have now been moved to the [email protected] / tag-security folder

Once PR #1316 merge I think we can close this issue.
The related PR in TOC repo have been approved cncf/toc#1376 by @linsun

Adding your approval / review on both PRs would be appreciated.

@PushkarJ @mnm678 @anvega @eddie-knight