tag-security
[Proposal] Tighten collaboration between CNCF TAG-Security and OpenSSF
Description: There is a lot of overlap in terms of the goals of CNCF TAG-Security and OpenSSF. This results in quite a few overlapping deliverables and member participation. The goal of this issue is to figure out a way to consolidate efforts when appropriate.
Impact: This will help result in deduplication of efforts between groups and concentrate efforts to produce deliverables more quickly and of higher quality. It will also provide members of the community interested in participating in both communities a way to engage cohesively.
Scope:
Initial meeting between OpenSSF and CNCF TAG-Security representatives to explore ideas and, based on that, document outcomes in the related groups section of the repo and create several issues to execute decisions.
Ideas for doing this include, but are not limited to:
- Cross-listing CNCF supply chain wg on the OpenSSF calendar
- Having bi-weekly/monthly CNCF/OpenSSF joint working groups
- Have deliverables based in both groups and establish attribution between the two groups
TO DO
- [x] Security TAG Leadership Representative: @lumjjb
- [ ] Project leader(s):
- [ ] Project Members:
- [ ] Fill in additional TODO items here so the project team and community can see progress!
- [ ] Scope
- [ ] Deliverable(s)
- [ ] Project Schedule
- [ ] Slack Channel (as needed)
- [ ] Meeting Time & Day:
- [ ] Meeting Notes (link)
- [ ] Meeting Details (zoom or hangouts link)
- [ ] Retrospective
Related: https://github.com/cncf/toc/issues/889
In this context Mikko Yilen (Intel) is reaching out to CRob (OSSF/Intel) to jump start this effort. Shall update.
This issue has been automatically marked as inactive because it has not had recent activity.
@mkbhanda thanks for offering to update, do you know if Mikko and CRob managed to converse? 🙏
They did chat, but other priorities are on Mikko's plate, in particular Confidential containers V0.1 and V0.2. Thank you for checking.
> From: Andrew Martin
> Sent: Wednesday, November 23, 2022 12:18 AM
> To: cncf/tag-security
> Cc: Bhandaru, Malini; Mention
> Subject: Re: [cncf/tag-security] [Proposal] Tighten collaboration between CNCF TAG-Security and OpenSSF (Issue #969)
>
> @mkbhanda thanks for offering to update, do you know if Mikko and CRob managed to converse? 🙏
From a discussion with @lumjjb, we have several individuals in the TAG leadership who are active participants in the OpenSSF, and regular attendees of the different meetings, and there is fluid communication between the two different organizations.
Worth noting collaboration and knowledge exchange are part of the TAG's charter. Will be closing this issue as this is part of the day-to-day role of TAG chairs and leads.