Post-Graduation Suggestion Tracker #35

Open
1 of 12 tasks
SgtCoDFish opened this issue Sep 2, 2024 · 1 comment
Comments

@SgtCoDFish (Member)

SgtCoDFish commented Sep 2, 2024

In the due diligence PR for cert-manager's graduation, there's a list of suggestions made by TAG Security and TAG Contributor Strategy during their respective reviews of the cert-manager project.

This is a catch-all issue for us to track progress towards achieving those suggested tasks.

WIP: We'll create sub tasks for individual suggestions which will take more work. For now, this is a tracking issue.

  • Complete a joint assessment with TAG Security reviewers.
  • TAG Security encourages expanding the current use of go vet and implementing govulncheck as planned. It would be beneficial to update your OpenSSF Best Practices information once these have been addressed.
  • TAG Security recommends completing the silver and gold level criteria, as the project likely already meets most of them.
  • TAG Security suggests considering security audits for sub-projects like trust-manager and csi-driver. Perhaps the CNCF can batch these in a follow-up audit.
  • TAG Contributor Strategy recommends adding in/out of scope information to the readme, roadmap, or contributor documentation.
  • TAG Contributor Strategy recommends adding role qualifications for each step on the contributor ladder. This is particularly important for the maintainers, where other docs refer to Maintainer qualifications that don't exist.
  • TAG Contributor Strategy recommends adding a process for removing Maintainers (and SC members) for reasons other than inactivity, such as violating the CoC or disruptive behavior. (Update governance docs around code of conduct violations #36)
  • TAG Contributor Strategy recommends linking to the list of official channels and meetings in the contributor docs from the Governance document.
  • TAG Contributor Strategy recommends gradually building up the sub-projects into their own entities, allowing new contributors to take ownership of them. This will require adding to the main Governance for these roles.
  • TAG Contributor Strategy recommends having another Steering meeting, in order to keep Steering members engaged.
  • TAG Contributor Strategy recommends making sure that the Community repo is linked from appropriate other places, like the main development repos and the contributor docs.
  • TAG Contributor Strategy recommends figuring out a low-effort way to record maintainer decisions for posterity, such as a simple text log.
SgtCoDFish added a commit to SgtCoDFish/cert-manager-community that referenced this issue Sep 5, 2024
It was recommended in our graduation review (see cert-manager#35) that we:

> ...add a process for removing Maintainers (and SC members)
> for reasons other than inactivity, such as violating the CoC
> or disruptive behavior.

This commit attempts to codify that removal process.

Most of the legwork for the process is already done in the CNCF
foundation repo:

https://github.com/cncf/foundation/tree/main/code-of-conduct

Signed-off-by: Ashley Davis <ashley.davis@venafi.com>
@SgtCoDFish (Member, Author)

SgtCoDFish commented Sep 6, 2024

#36 is the first step of this. All reviews welcome! Unless there's a blocker, the lazy consensus period for reviewing will expire on 2024-09-12 at 12:00 London time.

EDIT: Lazy consensus finished, this has now merged!

SgtCoDFish added a commit to SgtCoDFish/cert-manager-community that referenced this issue Sep 9, 2024
SgtCoDFish added a commit to SgtCoDFish/cert-manager-community that referenced this issue Sep 10, 2024