[CNCF] CII Best Practices Badge

[dcmiddle]

Parts of the CNCF onboarding issue tracked by this issue

This is the list of all bullet points from the CNCF onboarding issue that this issue will track:

• CII: Start on a CII best practices badge https://bestpractices.coreinfrastructure.org/en

[dcmiddle]

The CII Best Practices badge is meant to help maintainers be conscious if not fulfill security best practices.
It needs to be started as a team in a live discussion - probably one of our thursday sessions. Typically it takes more than 1 full session to complete. We aren't required to immediately complete the badge (which could take months to satisfy certain criteria) but we do need to get a solid start. This probably means consuming the bulk of one of the next ~3 meetings in order to make the 1 month CNCF deadline.

[dcmiddle]

I initiated the badge process. I will fill in some of the boilerplate material directly, but most of this should be discussed in the community meeting.
https://bestpractices.coreinfrastructure.org/en/projects/5719

[fitzthum]

Planning to discuss during community meeting on the 31st. As you say, we definitely won't be able to complete all of the requirements before onboarding, but these seem like very thorough guidelines that will benefit the project and overlap significantly with requirements for incubation.

[dcmiddle]

We could also do it 2022/03/24.

[ariel-adam]

Dan, what remains to do on this issue?

[dcmiddle]

We have met the letter of the requirement by starting the badging process. However, to fulfill the spirit of the requirement I will be adding issues which cover the unmet portions of the badging checklist.
I created a security-badge label for those issues.
Once those issues are created and socialized with the community we can move this onboarding issue to complete.

[dcmiddle]

Labeled issues: https://github.com/confidential-containers/community/issues?q=is%3Aissue+is%3Aopen+label%3Asecurity-badge

[dcmiddle]

The onboarding task requirements are complete...

• The badge is started and stands at 27% complete at the moment.
• A backlog of labeled issues is created.
• We have completed a few live discussions in the community meeting:
  https://docs.google.com/document/d/1E3GLCzNgrcigUlgWAZYlgqNTdVwiMwCRTJ0QnJhLZGA/edit#heading=h.qo5uv6tg7dfy.

[ariel-adam]

@dcmiddle is this issue still relevant or can be closed?
If it's still relevant to what release do you think we should map it to (mid-November, end-December, mid-February etc...)?