Gather information about graduation for Knative Project #1367
Comments
|
@aliok can you help us gather information and find us a sponsor? |
|
Ideas for showing Growth: |
|
Got some guidelines from CNCF TOC, share them here hope will provide clarity for the Graduation sponsor process:
|
|
If there's anything I can do to help guide you based on my experience with Istio, please let me know. |
|
I would want to help the SC with this work. Can we rename this ticket to something like "gather information about Knative project graduation"? And later we can create an umbrella task for each of the requirements? I started working on understanding the requirements. |
|
@craigbox your help would be very much appreciated, thanks for offering that. We will reach out for sure, once we gather more information about the unknown unknowns :) |
nainaz
changed the title
|
@evankanderson know the status of Security Audit. |
|
We had a meeting about 3 weeks ago with the LF administrators and the audit team, but I haven't heard further updates. I'll check on it today or tomorrow. |
|
Here's some content defining the process:
Once we think we prepared everything above, we need to start the graduation process by following the steps in: References: |
|
I actually created a DD myself in the Knative Drive (SC directory) and put some content already: https://docs.google.com/document/d/1BOKa3Jls4w5gsEj5O4-Di0Mf1WCMeLdssG_PVPyF5do/edit I have some questions in the doc as comments. Once we answer these questions and reduce ambiguity, let's create separate tickets for each work item we need to do. In summary, here are the missing parts: ✅ We need to apply for "Core Infrastructure Initiative Best Practices Badge"
Update: we already have it: https://bestpractices.coreinfrastructure.org/en/projects/5913 ✅ We need to have a independent and third party security auditNot sure if the fuzzing audit is enough. There are some findings in this comment: #964 (comment) @craigbox, @evankanderson any idea? UPDATE: there will be another report by the end of September 2023. ✅ We need to merge #1390This PR defines the process of offboarding contributors/approvers. UPDATE: merged ✅ We might need a process for annual reviewing of SC+TOC membersThese members keep their seats for 2 years and then there's a new election. However:
@jberkus any opinion? UPDATE: as this is a "should", we should not change our nicely working process. (thanks @craigbox) ✅ We need to resolve the issues from the incubation due diligenceThere's one comment, but I am not sure if there's an actual issue: https://docs.google.com/document/d/1qPMyIBZ1tBk6WpEMPuLtTrjA6lvbrQ7DvCZb22S0llo/edit?disco=AAAAUnuaVKA UPDATE: This is not an issue. This is just a statement that some documentation is good and it can be the base of a self-assessment. We don't need the self-assessment as we will have an independent audit. 🟡 Get a governance review assessment from TAG CSThis is not a CNCF requirement (yet, subject to change), but we need a governance review from TAG Contributor strategy. This is NOT blocked by dissolving trademark committee (see below) Issue: cncf/tag-contributor-strategy#514 🟡 Dissolve trademark committeeThis is not a CNCF requirement, but it would be nice to get our governance review with this committee resolved. Issue: #1399 |
|
I'd really like to eliminate the TMC before we apply for graduation. That's not a CNCF requirement, but it is an internal goal. Also, since both Ali and I are involved in the project, we'll need to wait for Dawn to come back for a governance review (August). |
|
Istio had already had a professional audit before joining the CNCF, but it was more than 18 months ago, and a second audit was recommended. Our second audit focused primarily on fuzzing. I would imagine that this audit should be fine, but your TOC sponsor can comment. (It looks like this audit was the result of your CNCF engagement, so if they say it isn't general purpose enough, I would be asking the TOC to update the CNCF on requirements because it was commissioned in part to meet this requirement.) Regarding your two-year cadence, I would note the language is should and not must; you could say that by design your SC seats seat two year terms, and you're OK with that. Other things like TAG Security self-assessments (offered in the linked comment from the incubation DD), governance reviews, etc, are nice-to-haves, but I personally believe that the CNCF should codify them as requirements if they are to be so. |
Are these required for graduation @jberkus ? They're not written in any of these explicitly: |
TOC is basically a precedent-based organisation. If you apply and these aren't the law at the time, you won't be held to needing them. That said, they are good things to have and they may become part of the rules later on. |
|
Created a ticket that might need a fix before graduation: #1407 UPDATE: this is just about showing rotations in https://knative.party/ . Not relevant for graduation. The |
|
CNCF can help with marketing of Knative's graduation, if we're there by KubeCon NA. Look for "PR Support" in the page above. |
|
/close |
|
@aliok: Closing this issue. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
Requirements for Graduation of Knative Project
https://github.com/cncf/toc/blob/main/process/project_proposals.md#graduation-process
Example from Istio: PR: cncf/toc#1000
DD: https://docs.google.com/document/d/1y0WANWSeeWDnF8NZ6NvteTCXxg932uHNBS7VwaD3WRM/edit?usp=sharing
Example from KEDA: : PR for KEDA to become a CNCF Graduated project
DD: KEDA Graduation Due Diligence. Adopter interviews are at the end of the DD document in an appendix.
The text was updated successfully, but these errors were encountered: