Actively monitored security email alias for our project: kubernetes-security@daocloud.io

1. Be an actively maintained and CNCF-certified distribution of Kubernetes components.
DaoCloud is in the list of https://www.cncf.io/certification/software-conformance/

• and we also maintain an opensource project kubean(which is a kubespray operator). It is listed in Certified Kubernetes - Installer part of the page above.

2. Have a user base not limited to your own organization.
Yes

3. Have a publicly verifiable track record up to the present day of fixing security issues.

• We tried to extend the kubernetes long-term support at https://github.com/klts-io/kubernetes-lts. And we will try to help in WG-LTS after the workgroup is revived.
• We have submitted several CVEs to hackone. One of them is https://hackerone.com/reports/867699 by Kebe from Daocloud.

4. Not be a downstream or rebuild of another distribution.
No.

5. Be a participant and active contributor in the community.
https://k8s.devstats.cncf.io/d/9/companies-table?orgId=1
DaoCloud ranks top 10 in kubernetes community contributions in history, and top 5 if only counting recent 3 years.

Some of the active contributors from DaoCloud in the community:

• @pacoxu member of Kubernetes Steering Committee; kubeadm maintainer; sig-node reviewer; release signal team lead;
• @wzshiming kwok(sig-scheduling & sig autoscaling sponsored subproject) maintainer; sig node reviewer.
• @kerthcet sig scheduling approver and kueue approver, also working wg-serving & LWS & kube-scheduler-wasm-extension.
• @mengjiao-liu wg-structured-logging chair, sig instrumentation reviewer, sig-doc zh approver & en reviewer
• @windsonsea @my-git9 sig doc zh approver； @Zhuzhenghao @kinzhi are SIG-DOC-ZH reviewers
• @yankay kubespray(subproject) maintainer; we also have @cyclinder @ErikJiang two kubespray reviewers
• @carlory is now SIG Storage and CSI Reviewer.

Besides code contributions, we also organized several KCD and KCS in China including KCS China 2023, KCD Beijing 2021&2023, KCD Shanghai 2021&2024, KCD Chengdu 2022 and KCD Shenzhen 2023.

• @Iceber who is CNCF ambassador and containerd/clusterpedia/wasmcloud maintainer, lead the organization of recent several KCDs.
  Most of the SIG maintainer talks in KubeCon China 2023 are by DaoClouder, including SIG-Scheduling, SIG-Node, SIG-Instrumentation, Kubespray, KWOK sessions.

BTW, we also try to maintainer kube lts version in https://github.com/klts-io/kubernetes-lts for an extended period, and it is open-source and only focus on high value CVEs currently.

6. Accept the Embargo Policy.

Yes.

7. Be willing to contribute back.

yes

8. Have someone already on the list vouch for the person requesting membership on behalf of your distribution.
VMware and Microsoft below.

• add kubernetes-security@daocloud.io to distributors-announce list k8s.io#5361: add kubernetes-security@daocloud.io to https://github.com/kubernetes/k8s.io/blob/main/groups/committee-security-response/groups.yaml

More information can be found in https://github.com/DaoCloud, https://www.daocloud.io/en/ and https://docs.daocloud.io/en/.