mfdii
commented
4 years ago Dup of #888
Closed krisnova closed 4 years ago
mfdii
commented
4 years ago Dup of #888
fntlnz
commented
4 years ago /triage duplicate
fntlnz
commented
4 years ago Let's close #888 since this has more context?
fntlnz
commented
4 years ago /remove-triage duplicate
fntlnz
commented
4 years ago Should we make the channel on the sysdig Slack read only after writing a message about the migration?
krisnova
commented
4 years ago Works for me - I think we just need an owner here - do you want to take this one @fntlnz?
krisnova
commented
4 years ago /assign @kris-nova
@caniszczyk do you know if the CNCF will let us do shared slack channels?
We talked about this on the Falco call today, and we think this approach would be the best so we aren't forcing everyone to leave/re-join a new slack channel. The CNCF would be the source of truth and the currently slack channel just mirror that.
https://slack.com/resources/slack-for-admins/shared-channels-in-slack
caniszczyk
commented
4 years ago @kris-nova no due to the privacy policy implications, the CNCF channel needs to be source of truth and a vendor can not own the slack
krisnova
commented
4 years ago Ah sorry - that is what I was trying to get to. Having the CNCF be the source of truth, and then sharing the channel with other slack orgs like the link above suggests. If it's not possible we can just use the CNCF slack - just trying to be as least disruptive as possible.
CC @caniszczyk
caniszczyk
commented
4 years ago Hey can we do this before it becomes more disruptive?
I'm open to considering shared channels once I understand the privacy policy issues.
stale[bot]
commented
4 years ago This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
amye
commented
4 years ago Hey all, I know we had a conversation going about doing this around KubeCon, but we should look to tackling this in April. Rough timeline: 1) Announce that we're moving to the CNCF channel week of April 6th? -- Cutoff of April 17th for move? -- April 20 read only
Does that sound like a reasonable timeline? (Updating for close in April)
amye
commented
4 years ago @kris-nova: does the above seem like a reasonable timeframe?
amye
commented
4 years ago @kris-nova, @fntlnz, checking back in here - can we look to doing this this week?
leodido
commented
4 years ago AFAIK @kris-nova is handling this but she’s out this week.
On Tue, 7 Apr 2020 at 20:39, Amye Scavarda Perrin notifications@github.com wrote:
@kris-nova https://github.com/kris-nova, @fntlnz https://github.com/fntlnz, checking back in here - can we look to doing this this week?
— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/falcosecurity/falco/issues/983#issuecomment-610553844, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAA5J44GRYPC56RJJLVHPF3RLNXNBANCNFSM4J4KVZHQ .
-- L.
amye
commented
4 years ago Good to know! I'll check back in on Monday.
amye
commented
4 years ago Hey @kris-nova! I know we're past the early April timeline, here's updated:
krisnova
commented
4 years ago With the recent security concerns with zoom - can we revisit this for open source comms?
We have mentioned possibly adopting a tool like matrix. Let's bring this up on the next weekly call (which I am leading).
amye
commented
4 years ago New timeline as promised in April 22nd Falco call
Steps:
amye
commented
4 years ago Hey all, checking in on this timeline again from the April 22nd call: @kris-nova What channels need to be created in the CNCF Slack to make this seamless?
amye
commented
4 years ago A better update from the Slack team: https://slack.com/help/articles/217872578-Import-data-from-one-workspace-to-another is possible!
caniszczyk
commented
4 years ago Let us know when you want to do the export/import dance, we've submitted a PR to fix Slack references on the website, I don't know if there are others in .md files but couldn't find any.
krisnova
commented
4 years ago Hey thanks for reaching out. In a perfect world we could get this done ASAP - I think we are all ready to have this knocked out at this point.
During the call @amye mentioned that projects like Kubernetes and OPA were able to get a dedicated slack org, that was under the cncf umbrella.
I went ahead and created falcosecurity.slack.com and made a handful of Falco maintainers, @caniszczyk, @amye, and Ihor all owners.
Is there anything else we can do so that this new org is "under the CNCF umbrella"? Then we can do the import/export dance and move all the Falco channels over to this new org?
caniszczyk
commented
4 years ago @kris-nova we have enterprise accounts for Kubernetes and CNCF which retain all message history, CNCF won't cover the costs for new Slack enterprise given our contract with Slack, this is why we encourage folks to move to either the Kubernetes slack (like KEDA) or CNCF (most other projects).
For projects like OPA we still have to migrate them somewhere.
krisnova
commented
4 years ago So we have never had any issues with slack content history in the past. This is the first anyone has ever brought it up to my knowledge.
Can we just use the free plan and have the CNCF be owners/admins with as well as the Falco community? I believe the enterprise slack plans let you do an export of public/private channels as well as DMs https://slack.com/help/articles/201658943-Export-your-workspace-data
So if we move the slack over to an enterprise org I would like to inform the community (we are a security community after all) that the new workspace will not have the same privacy guarantees as to the old one.
caniszczyk
commented
4 years ago @kris-nova we don't prefer that route as what eventually happens is communities want to upgrade to a pro plan to retain history and make it searchable, this has happened with multiple CNCF projects in the past along with Kubernetes. We also have slack admins staffed in both the Kubernetes and CNCF Slacks to deal with any major issues.
krisnova
commented
4 years ago Is there a path forward where we can retain the community's sense of privacy while still satisfying the concerns of having a slack under the CNCF umbrella?
If that is not an option - and this is a mandate - I would still like to be very clear about the privacy concern here for our community members. Having a safe place to work/collaborate is very important in driving adoption and creating a sense of safety within the community.
I can't help but wonder if there is a path forward that satisfies all these cases:
If we have to take the privacy hit - then so be it - we should just make it well known that all conversation is to be considered readily available by the CNCF.
As security-focused community privacy is our top priority and we wouldn't want to jeopardize any of our end users leaking trade secrets or sensitive detail about their stack. We have real production users who at times need to share sensitive detail about their stack with owners in the Falco project for guidance. If there is a risk of that sensitive detail being leaked without their knowledge we as an open-source community owe them a warning.
caniszczyk
commented
4 years ago We require everyone to abide by the LF/CNCF Privacy Policy which has I think has stronger guarantees than what is currently offered by Sysdig or most companies for that matter (couldn't find your privacy policy online): https://www.linuxfoundation.org/privacy/
There's also a track record of the Kubernetes and CNCF Slacks over the last 5 or so years to consider with nearly 100,000 users in slack.
I think offering end users a heads up when they join that this privacy policy applies https://www.linuxfoundation.org/privacy/ and the code of conduct would be great.
krisnova
commented
4 years ago Okay so path forward:
Update the documentation on falco.org with the new slack workspace.
Add a warning to falco.org website that references the LF privacy policy. Specifically this bit:
Communications. When you communicate with us (via email, phone, through the Sites or otherwise), we may maintain a record of your communication.
Do the import/export dance once the website changes go live.
Announce the changes and remind folks to review the privacy policy.
Sound like a plan to everyone?
krisnova
commented
4 years ago Also regarding the import/export - should we offer the community time to opt-out before we add users to a new workspace with a presumed privacy policy? I have never done this before so I am learning as I go here. I am just asking myself -- what would I want as a user.
I think I would want to understand what is happening - and how that would impact me - and have an easy way to opt-out.
caniszczyk
commented
4 years ago The plan sounds great, when Amye is back from vacation next week she can take the lead to work on this with you.
re: user opting out timeframe sounds like an awesome idea, we should make that as part of the announcement and say that here is the timeline, when the transition will happen and if you want to opt you, do it before this date (and here is how to do it).
On Fri, May 8, 2020 at 12:36 PM Kris Nova notifications@github.com wrote:
Also regarding the import/export - should we offer the community time to opt-out before we add users to a new workspace with a presumed privacy policy? I have never done this before so I am learning as I go here. I am just asking myself -- what would I want as a user.
I think I would want to understand what is happening - and how that would impact me - and have an easy way to opt-out.
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/falcosecurity/falco/issues/983#issuecomment-625931503, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAAPSINTWS74WW5B7E75JHTRQQ7JXANCNFSM4J4KVZHQ .
-- Cheers,
Chris Aniszczyk http://aniszczyk.org +1 512 961 6719
krisnova
commented
4 years ago Sounds great - I think I speak for all of us when I say how excited we are to have support for Falco from the CNCF like this.
I will bring this thread up during out next community call and as soon as we have everything in place we can merge the changes to the website.
amye
commented
4 years ago Hey @kris-nova, what do you think about this timeline?
Which channels are being actively used that need to be created in CNCF Slack?
krisnova
commented
4 years ago Yeah this looks good - We are announcing the changes this week and will have updates to the website and github repositories to work in concert with them as they go live
We should see a warm cutover before next week's community call next wednesday, and a deprecation model put in place before permanently archiving our current slack
I will post updates here as they happen, and will not close the issue until we are completely cutover
thanks for being patient with us :)
amye
commented
4 years ago oh this is excellent news! Thank you!
On Tue, May 19, 2020 at 10:51 AM Kris Nova notifications@github.com wrote:
Yeah this looks good - We are announcing the changes this week and will have updates to the website and github repositories to work in concert with them as they go live
We should see a warm cutover before next week's community call next wednesday, and a deprecation model put in place before permanently archiving our current slack
I will post updates here as they happen, and will not close the issue until we are completely cutover
thanks for being patient with us :)
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/falcosecurity/falco/issues/983#issuecomment-630980624, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAA2FGJNDPBEWRDPEM3FO23RSLBJXANCNFSM4J4KVZHQ .
-- Amye Scavarda Perrin | Program Manager | amye@linuxfoundation.org
krisnova
commented
4 years ago Following up on the weekly call that just happened.
The community seems to agree that we would like to move to the Kubernetes slack officially.
Some links and resources to share the good news:
The next steps
leodido
commented
4 years ago Also, this PR updates the slack URL in the organization-wide CONTRIBUTING.md file (so that all the other Falco projects will have it into their inherited CONTRIBUTING.md file).
coderanger
commented
4 years ago @kris-nova @leodido Could you please fill in some blanks as to why between yesterday and today this appears to have pivoted from CNCF Slack to Kubernetes Slack? I think there may have been some discussion on your side that is not recorded here so the reasoning is not obvious :)
krisnova
commented
4 years ago What blanks are you missing?
Following this thread above :point_up: there was a strong encouragement to move to a slack under "the CNCF umbrella". @caniszczyk let us know that there would not be funding available in the case a newly created slack wanted to move from the free version to enterprise.
This left the Falco community with 3 options.
We picked slack.k8s.io based on the current users, and the fact that I was able to encourage slack to give the Kubernetes slack a free enterprise account via twitter.
The decision was made on our weekly call
Ultimately there a few things I would like to remind everyone of.
1) This was a disruption and a nuisance to the Falco end-users, as well as the maintainers. We did this out of good faith and chose the path that we felt would be the best for everyone. Slack exists as a convenience tool so that a community can thrive. We were (and still are) happy to hand over shared root access to slack.sysdig.com to anyone active in that workspace. We will ultimately be archiving and blocking any of the Falco related channels here. Despite our best effort to salvage the ~3k open source users in that slack workspace the CNCF pushed us to transition for reasons I don't completely understand.
2) Conversations will always happen in places we can not control. Part of being a good manager and a healthy leader is sharing context, not control. We will never be able to completely control the conversation and where they happen. There is a reason that there are falco channels in the following places.
We see this same pattern with Kubernetes.
3) We are here to share and build healthy software. The Falco community was forced with a difficult decision for reasons our community did not understand, and given the constraints of the decision we picked one of our 3 options. So far the community seems to welcome and embrace the change in a warm way.
I think the fact that the community is welcoming this change in a warm way, and that the constraints defined above were met -- is a sign of success.
We would love to see you on one of our weekly calls or in the mailing list where we are happy to discuss other avenues and disrupt our community yet again if you are interested in driving this change.
Our community has spent enough time on this issue. We would like to go back to focusing on the quality of our software, then debating over which channel we do that on.
The Linux Foundation is here to support free and open software. Here is a small list of non Linux Foundation communication channels behind Linux - the very project that brought all of this together.
In all of these cases - nobody is attempting to govern or control their content. They exist for the sake of existing and are signs of a successful open source project.
Motivation
In an effort to improve vendor independence can we please start using the CNCF slack as our official source of truth for Slack?
Feature
We can use the following slack feature to begin the migration so that no disruption is caused to our existing slack: https://slack.com/resources/slack-for-admins/shared-channels-in-slack
Alternatives
One alternative would be to do a cold-cutover (maybe over the holiday?) to make this as seamless as possible.
Additional context
We will be discussing this during the OSS call today: https://github.com/falcosecurity/community/issues/64