sandbox
sandbox copied to clipboard
cncf
[SANDBOX PROJECT ONBOARDING] SOPS
Welcome to CNCF Project Onboarding! This is an issue created to help onboard your project into the CNCF after the TOC has voted to accept your project. We would like to complete onboarding within one month of acceptance.
From the project side, please ensure that you:
- [x] Understand the project proposal process and reqs: https://github.com/cncf/toc/blob/main/process/project_proposals.md#introduction
- [x] Understand the services available for your project at CNCF https://www.cncf.io/services-for-projects/
- [ ] Ensure your project meets the CNCF IP Policy: https://github.com/cncf/foundation/blob/master/charter.md#11-ip-policy
- [x] Review the online programs guidelines: https://github.com/cncf/foundation/blob/master/online-programs-guidelines.md
- [x] Understand the trademark guidelines: https://www.linuxfoundation.org/en/trademark-usage/
- [x] Understand the license allowlist: https://github.com/cncf/foundation/blob/master/allowed-third-party-license-policy.md#approved-licenses-for-allowlist
- [ ] Is your project working on written, open governance? see https://contribute.cncf.io/maintainers/governance/
- [x] Slack: Are your slack channels migrated to the Kubernetes or CNCF Slack? (see https://slack.com/help/articles/217872578-Import-data-from-one-Slack-workspace-to-another for more details)
- [x] Is your project in its own separate neutral github organization?
- [x] Submitted a Pull request to add your project as a sandbox project to https://landscape.cncf.io
- [x] Create maintainer list + add to aggregated https://maintainers.cncf.io list by submitting a PR to it
- [x] Artwork: Submit a pull request to https://github.com/cncf/artwork with your artwork
- [x] Domain: transfer domain to the CNCF - https://jira.linuxfoundation.org/plugins/servlet/theme/portal/2/create/63
Things that CNCF will need from the project:
- [x] Provide emails for the maintainers added to https://maintainers.cncf.io in order to get access to the maintainers mailing list and ServiceDesk - [email protected] is the best email to send those to
- [x] Trademarks: transfer any trademark and logo mark assets over to the LF - https://github.com/cncf/foundation/tree/master/agreements has agreements
- [x] GitHub: ensure 'thelinuxfoundation' and 'caniszczyk' are added as initial org owners, this helps us make sure we have continuity of GH ownership that we will onboard to our GitHub Enterprise instance: https://github.com/enterprises/cncf
- [x] GitHub: ensure DCO or CLA are enabled for all GitHub repositories of the project
- [x] GitHub: ensure that that the CNCF Code of Conduct (or your adopted version of it) are explicitly referenced at the project's README on GitHub
- [x] Website: ensure LF footer is there and website guidelines followed (if your project doesn't have a dedicated website, please adopt those guidelines to the README file of your project on GitHub).
- [x] Website: Analytics transferred to [email protected]
- [ ] OpenSSF Best Practices Badge: Start on an OpenSSF Best Practices Badge https://bestpractices.coreinfrastructure.org/en
Things that the CNCF will do or help the project to do:
- [x] Devstats: add to devstats https://devstats.cncf.io/
- [x] Insights: add to LFX Insights https://insights.v3.lfx.linuxfoundation.org/
- [x] Marketing: update relevant intro + slide decks
- [x] Events: update CFP + Registration + CFP Area forms
- [x] ServiceDesk: confirm maintainers have read https://www.cncf.io/services-for-projects/
- [x] CNCF Welcome Email Sent to confirm maintainer list access
- [x] Book time with the team with http://project-meetings.cncf.io
- [x] Create space for meetings/events on https://community.cncf.io, e.g., https://community.cncf.io/pravega-community/ - (https://github.com/cncf/communitygroups/blob/main/README.md#cncf-projects)
- [X] Adopt a license scanning tool, like FOSSA or Snyk
Checking in on this one: @hiddeco -
- Submitted a Pull request to add your project as a sandbox project to https://landscape.cncf.io/
This both puts your project on the landscape and the CNCF projects page, so it's pretty important!
Checking in on this one: @hiddeco -
- Submitted a Pull request to add your project as a sandbox project to https://landscape.cncf.io/
This both puts your project on the landscape and the CNCF projects page, so it's pretty important!
Quick ping on this, this gets you on the sandbox project page on the website. @hiddeco - anyone else I should work with on this?
I am still awaiting the official handover from Mozilla Foundation, which is blocking further announcements.
I am still awaiting the official handover from Mozilla Foundation, which is blocking further announcements.
Ah, got it! I will hold then.
Bit of a jigsaw puzzle here in terms of getting things done in the right order, as we are lacking an artwork at present which seems to be pretty much required for the landscape.
I am working on resolving the maintainers list first, will then get us onto https://maintainers.cncf.io, to then make use of the ServiceDesk.
However, I can confirm at present:
- [x] Understand the project proposal process and reqs: https://github.com/cncf/toc/blob/main/process/project_proposals.md#introduction
- [x] Understand the services available for your project at CNCF https://www.cncf.io/services-for-projects/
- [x] Review the online programs guidelines: https://github.com/cncf/foundation/blob/master/online-programs-guidelines.md
- [x] Understand the trademark guidelines: https://www.linuxfoundation.org/en/trademark-usage/
- [x] Understand the license allowlist: https://github.com/cncf/foundation/blob/master/allowed-third-party-license-policy.md#approved-licenses-for-allowlist
- [x] Slack: Are your slack channels migrated to the Kubernetes or CNCF Slack? (see https://slack.com/help/articles/217872578-Import-data-from-one-Slack-workspace-to-another for more details)
- [x] Is your project in its own separate neutral github organization?
Plus:
Aha! This explains a bunch of things. Ok. @RobertKielty for FOSSA for next week.
We have been invited, project should be available in FOSSA dashboard now. We are running into a
You are not permitted to edit this project.
however (using a push-only API key generated from my account), see: https://github.com/getsops/sops/pull/1308
I have sent out an email to [email protected] with details of the FOSSA Setup and I DM'd @sabre1041 on Slack to share credentials.
I will mark FOSSA setup as complete when @sabre1041 has let me know that that SOPS repos are being scanned.
@hiddeco There are a few remaining tasks here before we can close out onboarding. Can you please review and complete these items:
- [ ] Ensure your project meets the CNCF IP Policy: https://github.com/cncf/foundation/blob/master/charter.md#11-ip-policy
- [ ] Is your project working on written, open governance? see https://contribute.cncf.io/maintainers/governance/
- [ ] Start on an OpenSSF Best Practices Badge https://bestpractices.coreinfrastructure.org/en
@hiddeco ping, looks like some simple tasks to check off and then we can mark onboarding complete.
Ensure your project meets the CNCF IP Policy: https://github.com/cncf/foundation/blob/master/charter.md#11-ip-policy
We do meet the DCO, etc. requirements except for the licensing.
This is a tricky issue, as SOPS was donated by Mozilla to the CNCF it has a MPL-2.0 license. Changing this license or reforming it into the preferred Apache-2.0 license is technically possible but difficult, and would need guidance from the CNCF. I sadly lost access to my previous conversations with Chris A. due to Weaveworks closing shop, but I believe he thought it could be done.
Is your project working on written, open governance? see https://contribute.cncf.io/maintainers/governance/
We filed an issue for this, but things have not changed much since then and we are still operating in a "self-elected" manner. I will discuss with the other maintainers, and see if we can prioritize formalizing this in a document.
Start on an OpenSSF Best Practices Badge https://bestpractices.coreinfrastructure.org/en
This seems like the easiest one to pick up :-).
Thanks for the update @hiddeco.
Once you just document the current governance and start on an OpenSSF badge we can mark those tasks complete (they don't have to be done, just started). Please let me know when that happens.
On the MPL front... yes, that may be a bit more complex. I'll find out what we need to do there.
@hiddeco for the MPL issue can you please open an issue with this new license exception request template? We can then use that to track updates on what needs to be done.
@hiddeco any progress on these 3 remaining onboarding tasks?
The GOVERNANCE.md and OpenSSF badge should be pretty straightforward as they just need an initial start.
And for MPL, that one will be a matter of opening an issue with the new template.
A gentle nudge here @hiddeco, @sabre1041, @onedr0p, @felixfontein, @devstein, only a few tasks to do before marking SOPS onboarding complete.
@hiddeco any progress on these 3 remaining onboarding tasks?
The GOVERNANCE.md and OpenSSF badge should be pretty straightforward as they just need an initial start.
And for MPL, that one will be a matter of opening an issue with the new template.
A gentle nudge here @hiddeco, @sabre1041, @onedr0p, @felixfontein, @devstein, only a few tasks to do before marking SOPS onboarding complete.
We are soooo close to finishing the onboarding process for SOPS 😃
Can we mark anything else complete @hiddeco, @sabre1041, @onedr0p, @felixfontein, @devstein?
A gentle nudge here @hiddeco, @sabre1041, @onedr0p, @felixfontein, @devstein, only a few tasks to do before marking SOPS onboarding complete.
We are soooo close to finishing the onboarding process for SOPS 😃
Can we mark anything else complete @hiddeco, @sabre1041, @onedr0p, @felixfontein, @devstein?
Project has been onboarded to the OpenSSF Best Practices Badge
For the remaining items:
- Open Governance
- Is there a good skeleton that we can use aside from this?
- License exception request
Open Governance
- Is there a good skeleton that we can use aside from this?
There are some good resources at https://governance.md/ (which I just found out existed today).
And as far as the contribute.cncf.io site... it also links to this and other docs in the same folder: https://github.com/cncf/project-template/blob/main/GOVERNANCE-maintainer.md
I any case, a governance policy is really up to each project. The important thing is that it's documented.
And you only need to get started, it doesn't need to be completed for Sandbox onboarding (it will be very important as you look to moving to the Incubating and Graduated levels later on).