Over time, when we had questions about some legal issues, we would open issues where some folks with legal background at CNCF would help us navigate them, examples are
Committees like Steering, CoCC and Security Response Committee (SRC) are typically entities in Kubernetes that ask/require this sort of help due to the nature of the business they have to conduct in the community. SRC takes care of securing Kubernetes with CVE reporting/embargo processes. Steering makes decisions on top level communications/trademarks/licenses and difficult people situations and the CoCC helps with enforcing and maintaining the Code of Conduct and deals with situations as they arise. Due to this very nature, members of these Committees may very well be under extra scrutiny for their actions from a legal perspective. As an open source project under a foundation it would be best to get more "official" help from the foundation (CNCF or LF) publicly and privately to leaders from the community who are taking on roles in the community.
There are a variety of things we have seen in the open source community for such help. Some of the foundations have a private legal-related list where folks can privately raise concerns and research options. Others have legal counsel on retainer for when issues arise. Some counsel do pro-bono work in the open source community. In some cases an individual is covered by their company's legal counsel; in the case of many part-timers, more often than not, they are not.
When folks are acting on behalf of the project in a named role, their company counsel may or may not have experience/expertise in how open source works and frankly may not even want to take a risk on behalf of the company. Often, folks don't know what their exposure is either. Mostly we have done fine so far with what we have, but that may not be the case going forward, so we need to come up with fresh ideas and shield our community members and support them in their work for our community.
Here are some of the possibilities:
Private Mailing List (say "legal@kubernetes.io") with participants and their legal counsel including CNCF staff and counsel
Highlight risk to potential future members of the committees in our governance documentation for an informed decision
k8s-ci-robot added the lifecycle/frozen label (indicates that an issue or PR should not be auto-closed due to staleness) and removed the lifecycle/stale label (denotes an issue or PR has remained open with no activity and has become stale) on Jun 23, 2022.