CNCF SIGs Final Proposal #194
This is simply the doc below, which has been under heavy public development and review since early Dec 2018, converted to markdown so that it can be voted upon and merged.
As discussed in the related email thread, and on the TOC call today, precise SIG names, scope definitions and charters will be finalized while bootstrapping each SIG - the names in this doc should not be considered final.
In terms of naming for the security + other topics SIG, I don't like "Oversight" because I think it also doesn't cause people glancing at the name to assume security falls under its purview. I would prefer one of the names with an '&' as they all imply there is more than just security here. I personally prefer Security & Policy. My reasoning is that compliance and governance are each such deep and complex topics that have a myriad of formal implications in different communities. I worry that using either of those words in the SIG name implies efforts the SIG may not be willing to undertake...…
On Fri, Feb 8, 2019 at 2:26 PM Geri Jennings <***@***.***> wrote:

***@***.**** commented on this pull request.

In sigs/cncf-sigs.md:

> + <td>Area</td> + <td>Current CNCF Projects</td> + </tr> + <tr> + <td>Traffic</td> + <td>networking, service discovery, load balancing, service mesh, RPC, pubsub, etc.</td> + <td>Envoy, Linkerd, NATS, gRPC, CoreDNS, CNI</td> + </tr> + <tr> + <td>Observability</td> + <td>monitoring, logging, tracing, profiling, etc. +</td> + <td>Prometheus, OpenTracing, Fluentd, Jaeger, Cortex, OpenMetrics, </td> + </tr> + <tr> + <td>Governance</td>

There was some question on the mailing list <https://lists.cncf.io/g/cncf-toc/topic/cncf_sigs_proposal/29603804?p=,,,20,0,0,0::recentpostdate%2Fsticky,,,20,2,0,29603804> about whether this is the appropriate name for this group. Some key concerns:

- The word "governance" is often used to convey human processes of policy (e.g. how decisions are made, roles and responsibilities, etc.)
- The word "governance" is used earlier in this same document to describe how the SIGs should be managed
- The topics for the SIG and list of projects are more about the software used to implement security and privacy, along with ensuring compliance (auditing, etc)
- Some open source projects have a GOVERNANCE.md (or similarly named directory) to define project roles and decision-making process (examples: Node, cloudevents, SAFE, docker, k8s community)

Alternative suggestions that were made:

- Security
- Security & Policy
- Secure Access for Everyone
- Security & Compliance
- RegSec
- Security & Governance
- Oversight
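Review bot: In the Observability row of the quoted sigs/cncf-sigs.md hunk, the projects cell ends with a dangling comma and space (`OpenMetrics, </td>`), which reads as if a project name was dropped from the list. Either remove the trailing comma or add the missing entry so the cell matches the Traffic row, which ends cleanly with `CNI</td>`.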
This has been approved finally.
+1 binding TOC votes (9/9):
Here are the initial SIGs planned with TOC liaisons:
We will focus on getting the Security/Governance SIG off the ground first to pilot things and then follow with the other SIGs.