
Dealing with Legal Affairs in Kubernetes #240

Open
5 tasks
dims opened this issue Mar 25, 2022 · 2 comments
Labels
lifecycle/frozen Indicates that an issue or PR should not be auto-closed due to staleness.

Comments

@dims
Member

dims commented Mar 25, 2022

Over time, when we had questions about some legal issues, we would open issues where some folks with a legal background at CNCF would help us navigate them; examples are

more recently,

Committees like Steering, CoCC and the Security Response Committee (SRC) are typically the entities in Kubernetes that ask for/require this sort of help due to the nature of the business they have to conduct in the community. SRC takes care of securing Kubernetes with CVE reporting/embargo processes. Steering makes decisions on top-level communications/trademarks/licenses and difficult people situations, and the CoCC helps with enforcing and maintaining the Code of Conduct and deals with situations as they arise. Due to this very nature, members of these Committees may very well be under extra scrutiny for their actions from a legal perspective. As an open source project under a foundation, it would be best to get more "official" help from the foundation (CNCF or LF), publicly and privately, for leaders from the community who are taking on roles in the community.

There are a variety of ways we have seen such help provided in the open source community. Some of the foundations have a private legal-related list where folks can privately raise concerns and research options. Others have legal counsel on retainer for when issues arise. Some counsel do pro bono work in the open source community. In some cases an individual is covered by their company's legal counsel; in the case of many part-timers, more often than not, they are not.

When folks are acting on behalf of the project in a named role, their company counsel may or may not have experience/expertise in how open source works, and frankly may not even want to take a risk on behalf of the company. Often, folks don't know what their exposure is either. Mostly we have done fine so far with what we have, but that may not be the case going forward, so we need to come up with fresh ideas to shield our community members and support them in their work for our community.

Here are some of the possibilities:

  • Private mailing list (say "legal@kubernetes.io") with participants and their legal counsel, including CNCF staff and counsel
  • Highlight risk to potential future members of the committees in our governance documentation for an informed decision
  • Directors and Officers Insurance (see funding request here)
  • Well-defined process for retaining legal counsel for answers/advice/risk assessment when situations arise
  • Thorough vetting of our current processes in CoCC, SRC and Steering to find holes in existing processes (and when we define new ones)
@k8s-triage-robot

The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue or PR as fresh with /remove-lifecycle stale
  • Mark this issue or PR as rotten with /lifecycle rotten
  • Close this issue or PR with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Jun 23, 2022
@mrbobbytables
Member

/remove-lifecycle stale
/lifecycle frozen

@k8s-ci-robot k8s-ci-robot added lifecycle/frozen Indicates that an issue or PR should not be auto-closed due to staleness. and removed lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. labels Jun 23, 2022