Closed dlorenc closed 1 year ago
I can add some input about how we do this on the k8s psc, in fact it would be a useful process to go through when we think about projects and OWNERS
and are they really who we think they are. I would like to share findings back with the PSC.
In fact it might be useful to do this with several large OSS projects , just to pitch some ideas: Kubernetes, Linux Kernel and perhaps a dist such as Arch / Debian / Fedora.
I like this idea and would be interested in working on/reviewing.
I agree it would be useful to do this with large OSS projects. k8s and the kernel are great examples, as are distros. The three distros mentioned have very different community styles and I think we'll see some interesting differences in their approaches (any areas of similarity will be interesting to learn about).
As a model for smaller projects it could be worth looking at some of the umbrella organisations which have less uniformity in their development and maintenance practices, but still share a common purpose and infrastructure. Projects which immediately come to mind for me are Freedesktop, Gnome and KDE.
@lukehinds I'm curious if the k8s psc typical or atypical of processes for k8s projects? Are any findings brought back to the PSC likely to have an affect on the wider k8s organisation?
@joshuagl
I'm curious if the k8s psc typical or atypical of processes for k8s projects? Are any findings brought back to the PSC likely to have an affect on the wider k8s organisation?
They can do. In respect of OWNERS
contact files in the projects, when a vulnerability is found we (PSC) bring them into the embargoed process to look at authoring a fix. Most of the time we know these folks personally and they have company based email addresses, but I wonder if there could be possible risk in this process that might be improved.
Awesome! I'll get a skeleton doc setup and shared with everyone where we can start filling in ideas for projects and content for each one.
Skeleton started here: https://docs.google.com/document/d/1l9CsTzQoh9ATcyrWms62zr15_XkYeAGlq3i_bIHp2I0/edit?usp=sharing
Feel free to hop in!
Don't believe this to be apart of our current vision/mission. Would like to close this stale card.
@hepwori @camaleon2016 please give me a thumbs up to confirm.
Closing this issue. If necessary, will reopen in the future.
A few working groups in other foundations I've seen have published interesting white papers on topics they're interested in.
In tying with our approach of learning from the existing practices of large, existing projects, we could put our own together to cover these as case studies.
Would anyone be interested in working on/reviewing this?
I'm interested in covering the following topics, but open to more: