[Proposal] Making the CNCF End User Public Sector Group Private

[idvoretskyi]

Overview

I'd like to propose transitioning the CNCF End User Public Sector group from a public to a private setting. This change aims to address the specific needs and constraints of public sector engagements, particularly around sensitive data and security requirements.

Reasons for making it private

1. Sensitive Data Concerns: Public sector discussions often involve sensitive data that may be legally restricted or deemed sensitive for public disclosure. For example, topics related to the defense industry require a higher degree of confidentiality that is not suitable for public forums.

2. Creating a Safe and Trusted Environment: By privatizing the group, we can ensure that all participants are verified and can freely share and discuss sensitive information without the risk of public exposure. This setup mirrors the safety and privacy of the general CNCF End User Community.

Proposed Communication Channels

• Slack: Establish a private Slack channel for secure and real-time communication among verified members.
• Mailing List: Create a private mailing list that serves as a formal communication tool, ensuring all sensitive communications are kept confidential.
• Zoom Calls: Conduct regular Zoom calls with attendance limited to verified individuals from verified organizations. These meetings should be held off the record, or if recorded, the recordings should not be shared publicly.

Conclusion

Privatizing the CNCF End User Public Sector group will significantly enhance the security and effectiveness of the community. This environment will allow public sector members to engage more openly and share critical information that they would typically hesitate to disclose in a public setting.

Looking forward to your feedback and further discussion on this proposal.

[idunbarh]

@idvoretskyi Thanks for bringing the topic up. I'd be curious what others think.

I'm point of view is to remain public for the reasons outlined below.

Sensitive Data Concerns: Public sector discussions often involve sensitive data that may be legally restricted or deemed sensitive for public disclosure. For example, topics related to the defense industry require a higher degree of confidentiality that is not suitable for public forums.

Sensitive topics should be held outside of CNCF. This was one of the ground rules discussed by the group at its inception. While today participation is US Public Sector companies, that should not preclude Public Sector or government CNCF members from other nations to participate. Anything deemed sensitive should be communicated through other channels.

Creating a Safe and Trusted Environment: By privatizing the group, we can ensure that all participants are verified and can freely share and discuss sensitive information without the risk of public exposure. This setup mirrors the safety and privacy of the general CNCF End User Community.

Same comment as above, due to the global nature of CNCF and how US Public Sector CNCF members operate, anything discussed in these meetings would be considered publicly disclosed.

I think this UG benefits more from being public as a way to lower barriers to participation.

[onlydole]

One comment to add here - if there is ever a want or need for more private info, we do have https://github.com/cncf/enduser as a space to utilize for this, too! That would leave this repo open and more discoverable.

[brandtkeller]

I agree with @idunbarh in this regard. Having balanced open source (projects, initiatives, etc) with the need to have sensitive discussions in other domains previously - often we continue to re-iterate that the private setting does not necessarily dictate that it is appropriate for sensitive discussions anyway.