cncf / tag-security

🔐CNCF Security Technical Advisory Group -- secure access, policy control, privacy, auditing, explainability and more!
https://tag-security.cncf.io

[Security Review] Kubeflow Project #1079

Open akgraner opened 1 year ago

akgraner commented 1 year ago

Project Name: Kubeflow Project

Github URL: https://github.com/kubeflow/kubeflow/tree/master/security

Currently, we are working with Ricardo to get Kubeflow into the CNCF; we are working on going straight into incubation - https://github.com/cncf/toc/pull/1042 (incubation)

Ricardo suggested that we open this issue now, since we are in the beginning stages of setting up our security team as well as our policies and procedures. I don't think we are ready for the formal security review, but we wanted to make sure you all are aware of our on-going efforts. Please let us know what else you need from us.

CNCF project stage and issue: NA

Security Provider: yes (e.g. Is the primary function of the project to support the security of an integrating system?)

mrcdb commented 1 year ago

Have you already performed a self-assessment for the project or something similar that you could share to kickstart the discussion? Thanks!

krishnakv commented 1 year ago

I would like to volunteer for this review, please. I have no soft or hard conflicts to report.

JustinCappos commented 1 year ago

Please ping us once you have a draft of the self-assessment and we can start to put a team together.

sublimino commented 1 year ago

Hi @akgraner and team!

I'll be the lead security reviewer for this project.

Do you have any inclination of when you'll be ready to start considering the self-assessment process?

We also have a Security Pals process that can assist you with preparing for the self assessment document if that would be of interest.

I've created a sec-assess-kubeflow channel if you'd like to discuss anything on Slack :pray:

akgraner commented 1 year ago

Hi Andrew et al,

Thank you so much. We’re shooting for the end of August.

Yes, the Security Pals process would be of interest. I’ve been looking through your guides and checklists so I can share with the team and we can start going through it.

Anything you can/would like to share would be greatly appreciated.

With gratitude, ~akgraner on behalf of the Kubeflow Security Team

On Thu, Aug 3, 2023 at 8:38 AM Andrew Martin wrote:

Hi @akgraner https://github.com/akgraner and team!

I'll be the lead security reviewer for this project.

Do you have any inclination of when you'll be ready to start considering the self-assessment process?

We also have a Security Pals process that can assist you with preparing for the self assessment document if that would be of interest.

I've created a sec-assess-kubeflow https://app.slack.com/client/T08PSQ7BQ/C05L2H3CKJR channel if you'd like to discuss anything on Slack 🙏


yfolias commented 1 year ago

I would like to volunteer for this review as well, if possible. No soft or hard conflicts on my end

akgraner commented 1 year ago

Thank you all so very much.

On Sat, Aug 12, 2023 at 2:29 PM Yannis Folias wrote:

I would like to volunteer for this review as well, if possible. No soft or hard conflicts on my end


victorjunlu commented 1 year ago

@sublimino Interested in volunteering for this review. This will be my second time volunteering as tag security reviewer. No conflict on my end.

sublimino commented 1 year ago

Hi @akgraner and team! I hope you've had a great summer. Do you have any indications of your timescale to start this assessment?

vicenteherrera commented 9 months ago

Hi, I would also like to help when this work continues. No conflicts here; I'm usually on many fronts, but I'll find time for this.

akgraner commented 9 months ago

Awesome! Thank you all!

~Amber


On Wed, Dec 20, 2023 at 12:17 PM Vicente Herrera wrote:

Hi, I would also like to help when this work continues. No conflicts here; I'm usually on many fronts, but I'll find time for this.


lcostea commented 8 months ago

If possible I would like to be an observer. No conflicts on my end. Thanks.

TheFoxAtWork commented 8 months ago

@akgraner following up on this - is Kubeflow ready to engage with TAG Security on this? The joint review will need members of Kubeflow to support TAG Security in jointly completing the assessment.

akgraner commented 7 months ago

@TheFoxAtWork - we aren't ready for the official joint assessment, but we are working through the joint assessment.

sublimino commented 7 months ago

We have begun the security-pals self-assessment process today, with an intro call and working document.

The goals are to understand current security efforts, ensure collation of relevant documentation, and scope the joint assessment through the self-assessment document. We'll work through another meeting, present and gain corrections from the maintainers, and aim for the joint assessment post-Kubecon — where we hope to meet at the STAG Unconference :blush: Many thanks for attending @akgraner, your contributions are invaluable.

/cc @TheFoxAtWork

TheFoxAtWork commented 7 months ago

Wicked! Thanks!

sublimino commented 7 months ago

Hello all, we'll continue the self-assessment preparation this Wednesday 21st, 2pm UK time (other TZs):

Kubeflow Threat Model Working Session (TAG Security)
Wednesday, 21 February · 14:00 – 15:00, time zone: Europe/London
Google Meet joining info
Video call link: https://meet.google.com/ayp-ctvn-oee
Or dial: (GB) +44 20 3957 1685, PIN: 642 661 786#
More phone numbers: https://tel.meet/ayp-ctvn-oee?pin=5129528357352

akgraner commented 7 months ago

Thank you for setting this up. I’ll share with the team and get some more folks to contribute to the assignment and see if they can join.


On Fri, Feb 16, 2024 at 8:49 AM Andrew Martin wrote:

Hello all, we'll continue the self-assessment preparation this Wednesday 21st, 2pm UK time (other TZs https://www.worldtimebuddy.com/?qm=1&lid=2643743,5397765,3169070&h=2643743&date=2024-2-21&sln=14-15&hf=1 ):

Kubeflow Threat Model Working Session (TAG Security)
Wednesday, 21 February · 14:00 – 15:00, time zone: Europe/London
Google Meet joining info
Video call link: https://meet.google.com/ayp-ctvn-oee
Or dial: (GB) +44 20 3957 1685, PIN: 642 661 786#
More phone numbers: https://tel.meet/ayp-ctvn-oee?pin=5129528357352


JustinCappos commented 6 months ago

This looks stalled. If not, please update the issue and I'll move it to the appropriate part of the queue.

mrcdb commented 5 months ago

Hi @JustinCappos !

We are currently in a naive questions phase on this project, and we have set up a follow-up meeting with @akgraner to discuss the next steps for Tuesday, 9/4. Details have been shared in the Slack channel.

The working document (based on the self-assessment template) is here, we highlighted the open questions for the Kubeflow team: https://docs.google.com/document/d/1ROvqsHtmEOxbX3fvN1fkDCtELHaRRDdA-UKezz59ZKQ/edit#heading=h.ri0460k7tpla

PushkarJ commented 5 months ago

Signing off with my co-chair hat: looking at the GitHub issue comments, the reviewers have indicated that they do not have any conflicts.

(Please point me to a comment if there is one where a conflict of interest was highlighted that I missed)

mrcdb commented 5 months ago

@PushkarJ I confirm I have no hard or soft conflicts as a reviewer on this assessment.

sublimino commented 4 months ago

Hi @akgraner, congratulations on the Kubeflow 1.9 rc!

We're stalled waiting for comments from the project on the review doc https://docs.google.com/document/d/1ROvqsHtmEOxbX3fvN1fkDCtELHaRRDdA-UKezz59ZKQ/edit

We can't move further until we have more detailed guidance, so please let us know when there's likely to be bandwidth from the Kubeflow team and we can schedule in more time.