Open dims opened 2 years ago
The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.
This bot triages issues and PRs according to the following rules:
lifecycle/stale
is appliedlifecycle/stale
was applied, lifecycle/rotten
is appliedlifecycle/rotten
was applied, the issue is closedYou can:
/remove-lifecycle stale
/lifecycle rotten
/close
Please send feedback to sig-contributor-experience at kubernetes/community.
/lifecycle stale
/remove-lifecycle stale /lifecycle frozen
Over time, when we had questions about some legal issues, we would open issues where some folks with legal background at CNCF would help us navigate them, examples are
more recently,
Committees like Steering, CoCC and Security Response Committee (SRC) are typically entities in Kubernetes that ask/require this sort of help due to the nature of the business they have to conduct in the community. SRC takes care of securing Kubernetes with CVE reporting/embargo processes. Steering makes decisions on top level communications/trademarks/licenses and difficult people situations and the CoCC helps with enforcing and maintaining the Code of Conduct and deals with situations as they arise. Due to this very nature, members of these Committees may very well be under extra scrutiny for their actions from a legal perspective. As an open source project under a foundation it would be best to get more "official" help from the foundation (CNCF or LF) publicly and privately to leaders from the community who are taking on roles in the community.
There are a variety of things we have seen in the open source community such help. Some of the foundations have a private legal related list where folks can privately raise concerns and research options. Others have legal counsel on retainer for when issues arise. Some counsel do pro-bono work in the open source community. In some cases an individual is covered by their companies legal counsel, in the case of many part-timers, more often than not, they are not.
When folks are acting on behalf of the project in a named role, their company counsel may or may not have experience/expertise in how open source works and frankly may not even want to take a risk on behalf of the company. Often, folks don't know what their exposure is either. Mostly we have done fine so far with what we have, But that may not be the case going forward, so we need to come up with fresh ideas and shield our community members and support them in their work for our community.
Here are some of the possibilities: