cncf / sandbox

Applications for Sandbox go here! ⏳📦🧪

[SANDBOX PROJECT ONBOARDING] Confidential Containers #216

Closed amye closed 2 years ago

amye commented 2 years ago

Welcome to CNCF Project Onboarding! This is an issue created to help onboard your project into the CNCF after the TOC has voted to accept your project. We would like to complete onboarding within one month of acceptance.

From the project side, please ensure that you:

Things that CNCF will need from the project:

Things that the CNCF will do or help the project to do:

amye commented 2 years ago

Welcome! @magowan @sameo @fitzthum @ariel-adam, we'll be tracking work in here.

raravena80 commented 2 years ago

Congrats!

lukaszgryglicki commented 2 years ago

I will have some delay on adding this to DevStats. Sorry, I have a lot of work to do, I can barely start any work on this on Monday. cc @caniszczyk

caniszczyk commented 2 years ago

no rush, one week is fine

On Tue, Mar 8, 2022 at 1:46 PM Łukasz Gryglicki @.***> wrote:

> I will have some delay on adding this to DevStats. Sorry, I have a lot of work to do, I can barely start any work on this on Monday. cc @caniszczyk https://github.com/caniszczyk

-- Cheers,

Chris Aniszczyk https://aniszczyk.org

peterzcst commented 2 years ago

Great!

ariel-adam commented 2 years ago

Hello everyone, we are thrilled to be joining the CNCF :-)

dcmiddle commented 2 years ago

Hi, Regarding CoC..

> GitHub: ensure that the CNCF Code of Conduct (or your adopted version of it) are explicitly referenced at the project's README on GitHub

It looks like CNCF projects like containerd[1], etcd[2], and others follow the practice of having the CoC file at the root of the repo. GitHub recognizes it there and it can be managed in a .github repo. This issue says to put it in the README but I assume that just means make it visible and we can put a CoC file in our .github like this: https://github.com/confidential-containers/.github/pull/7/files ?

[1] https://github.com/containerd/containerd/blob/main/code-of-conduct.md
[2] https://github.com/etcd-io/etcd/blob/main/code-of-conduct.md
[3] https://github.com/linkerd/linkerd2/blob/main/CODE_OF_CONDUCT.md

lukaszgryglicki commented 2 years ago

DevStats page added.

lukaszgryglicki commented 2 years ago

Also added to All CNCF, including the Projects Health report.

magowan commented 2 years ago

Hi @amye , We are progressing the tasks, but we aren't sure how you would like us to update our progress here? We can't tick the tasks or edit the description to tick the tasks but happy to represent our progress here in whatever way works best. Thanks

amye commented 2 years ago

> Hi @amye , We are progressing the tasks, but we aren't sure how you would like us to update our progress here? We can't tick the tasks or edit the description to tick the tasks but happy to represent our progress here in whatever way works best. Thanks

Comments here are fine! It's a limitation of Github, that's why.

magowan commented 2 years ago

Hi @amye , I am looking at : Understand the license allowlist: https://github.com/cncf/foundation/blob/master/allowed-third-party-license-policy.md#approved-licenses-for-allowlist

And also observing under Things that the CNCF will do or help the project to do: Adopt a license scanning tool, like FOSSA or Snyk

Can we work with CNCF to adopt a license scanning tool and use this setup to provide the full list of third party dependencies to answer the list of third party dependencies from the project side?

And do transitive dependencies need to be covered too?

Thanks,

magowan commented 2 years ago

Update on progress

From the project side, please ensure that you:

Things that CNCF will need from the project:

Things that the CNCF will do or help the project to do:

ariel-adam commented 2 years ago

Opened a PR for adding the project's logo: https://github.com/cncf/artwork/pull/333

amye commented 2 years ago

> Opened a PR for adding the project's logo: cncf/artwork#333

Merged!

amye commented 2 years ago

> Hi @amye , I am looking at : Understand the license allowlist: https://github.com/cncf/foundation/blob/master/allowed-third-party-license-policy.md#approved-licenses-for-allowlist
>
> And also observing under Things that the CNCF will do or help the project to do: Adopt a license scanning tool, like FOSSA or Snyk
>
> Can we work with CNCF to adopt a license scanning tool and use this setup to provide the full list of third party dependencies to answer the list of third party dependencies from the project side?
>
> And do transitive dependencies need to be covered too?
>
> Thanks,

@jeefy can help you set up FOSSA/Snyk for this!

amye commented 2 years ago

One note here:

I will need a signed trademark agreement from the project, I am happy to help direct for how this process works!

ariel-adam commented 2 years ago

@amye who should sign the trademarks transfer? Is this something we need all the companies in the CoCo project to sign on? What's the simplest thing to move this forward :-) ?

amye commented 2 years ago

> @amye who should sign the trademarks transfer? Is this something we need all the companies in the CoCo project to sign on? What's the simplest thing to move this forward :-) ?

What we've done in the past is if it's not attached to a single company, we can have the maintainers who were maintainers at the time of acceptance sign for this. Roughly how many people might that be?

magowan commented 2 years ago

@jeefy can you help me set up FOSSA/Snyk on our repositories? Happy to be pointed towards any instructions that may exist to help.

Thanks,

jeefy commented 2 years ago

@magowan Pinged you in CNCF slack, need a good email for you so I can invite you into FOSSA :) Thanks!

fitzthum commented 2 years ago

@amye @ariel-adam

> What we've done in the past is if it's not attached to a single company, we can have the maintainers who were maintainers at the time of acceptance sign for this. Roughly how many people might that be?

We have a list of 10ish people that we think of as maintainers at the moment, but it might be tricky to get all of them to sign something. Even getting just one party to sign the document would probably require some kind of corporate legal review. The form implies that the Assignor should be a corporation. Is it appropriate for it to be signed by an individual or group of individuals? There is no corporation that can accurately represent the project.

It looks like a number of projects have gotten hung up on this step. What do you think is the best way forward?

sameo commented 2 years ago

@amye Hey there. I sent a PR to add Confidential Containers to cncf/contribute: https://github.com/cncf/contribute/pull/99

amye commented 2 years ago

> @amye @ariel-adam
>
> > What we've done in the past is if it's not attached to a single company, we can have the maintainers who were maintainers at the time of acceptance sign for this. Roughly how many people might that be?
>
> We have a list of 10ish people that we think of as maintainers at the moment, but it might be tricky to get all of them to sign something. Even getting just one party to sign the document would probably require some kind of corporate legal review. The form implies that the Assignor should be a corporation. Is it appropriate for it to be signed by an individual or group of individuals? There is no corporation that can accurately represent the project.
>
> It looks like a number of projects have gotten hung up on this step. What do you think is the best way forward?

Take a look at the 'no registered trademarks agreement' - https://github.com/cncf/foundation/blob/main/agreements/CNCF%20Trademark%20and%20Account%20Assignment%20Agreement%20(2020%20-%20no%20reg%20trademarks).pdf If one company isn't the contributing company, we would need all 10 to sign.

The hangup is usually because it's such a different workflow than most other onboarding tasks, I can't give you a GH repo to go submit a PR to 😂

jeefy commented 2 years ago

Invite for FOSSA sent to @magowan

fitzthum commented 2 years ago

@amye

We now have the Slack channel #confidential-containers in the CNCF workspace.

I think we may also be ready to check off all of the website-related onboarding tasks. We do not currently have a website, but we have added the LF footer to our organization profile README on GitHub. We have also begun some discussions about our future website, which we plan to create once we are done with onboarding.

Does that satisfy the following?

amye commented 2 years ago

That should be fine!

fitzthum commented 2 years ago

@amye

Ok, I think we can also check off

@dcmiddle has gotten us off to a great start on the CII badge. We've worked through the requirements in two different meetings and created GitHub issues to track outstanding requirements for the completion of the badge. More info available on this issue https://github.com/confidential-containers/community/issues/12

  • [ ] GitHub: ensure DCO or CLA are enabled for all GitHub repositories of the project

We have DCO for all our repos now. See: https://github.com/confidential-containers/community/issues/28

  • [ ] GitHub: ensure that the CNCF Code of Conduct (or your adopted version of it) are explicitly referenced at the project's README on GitHub

Again thanks to @dcmiddle we have the CNCF Code of Conduct referenced in our organization's profile README and since we added the CoC to our .github repo it is linked to all other repos in the project as well. See: https://github.com/confidential-containers/community/issues/11

We have a #confidential-containers channel in the CNCF slack workspace. See: https://github.com/confidential-containers/community/issues/14

I have also invited caniszczyk and thelinuxfoundation to our org as owners. I will get back to you when they accept.

magowan commented 2 years ago

We also now have a pull request https://github.com/cncf/landscape/pull/2559

for

Hoping this matches what is expected @amye ?

amye commented 2 years ago

Checking in here:

I'm getting a lot of questions about trademarks that can best be answered in Servicedesk or in your maintainers list. Current status on getting us emails? You can give them to me privately at amye@linuxfoundation.org

fitzthum commented 2 years ago

So for

  • [ ] GitHub: ensure 'thelinuxfoundation' and 'caniszczyk' are added as initial org owners, this helps us make sure we have continuity of GH ownership

I invited caniszczyk to our org as an owner and the invite was accepted. I also invited thelinuxfoundation but the invite was not accepted and has now expired. Should I invite again? Can someone accept?

amye commented 2 years ago

> So for
>
> • [ ] GitHub: ensure 'thelinuxfoundation' and 'caniszczyk' are added as initial org owners, this helps us make sure we have continuity of GH ownership
>
> I invited caniszczyk to our org as an owner and the invite was accepted. I also invited thelinuxfoundation but the invite was not accepted and has now expired. Should I invite again? Can someone accept?

Yes, resend that and let me see what I can do!

fitzthum commented 2 years ago

@amye

> Yes, resend that and let me see what I can do!

Resent

amye commented 2 years ago

> @amye
>
> > Yes, resend that and let me see what I can do!
>
> Resent

Done!

fitzthum commented 2 years ago

@amye

> I'm getting a lot of questions about trademarks that can best be answered in Servicedesk or in your maintainers list. Current status on getting us emails? You can give them to me privately at amye@linuxfoundation.org

Email sent. I will make a PR to the CNCF Maintainers list soon.

fitzthum commented 2 years ago

@amye

Please see https://github.com/cncf/foundation/pull/340 for adding maintainers to CNCF list.

amye commented 2 years ago

> @amye
>
> Please see cncf/foundation#340 for adding maintainers to CNCF list.

Awesome! I will get to this on Monday, I am OOO until then.

magowan commented 2 years ago

@amye I believe we have now fulfilled

ariel-adam commented 2 years ago

@amye we hope you enjoyed your vacation :-) Question from our side, we have the maintainer list, everyone is ready to sign, the other onboarding tasks are completed. Do you think we could build a plan to get a press release next week at KubeCon on the confidential containers project joining CNCF?

amye commented 2 years ago

Marketing is not available to sandbox projects, sorry. The only note that Sandbox projects get is to the TOC list on the day they join. Press releases are available at the incubation level.

ariel-adam commented 2 years ago

@amye we are looking at the list and we think we have completed everything so we need your help to check off the following points:

  1. Submitted a Pull request to add your project as a sandbox project to https://landscape.cncf.io/
  2. CII: Start on a CII best practices badge https://bestpractices.coreinfrastructure.org/en
  3. ServiceDesk: confirm maintainers have read https://www.cncf.io/services-for-projects/
  4. CNCF Welcome Email Sent to confirm maintainer list access, welcome email has monthly project sync details
  5. Adopt a license scanning tool, like FOSSA or Snyk

amye commented 2 years ago

Marking you all off, welcome onboard!