Re: CDF Working Groups Proposal


Kay Williams <kayw@...>
 

Agree, thanks Dan (and Kohsuke).

 

Let me give a concrete example for a Supply Chain Security SIG. This is something Microsoft and GitHub are willing to dedicate resources to and help drive (in collaboration with others). We would like very much to work with a community like the CDF. This is not a Microsoft or GitHub issue alone. And while we are beginning to invest significant resources in this area, we do not want to do it alone. Others are investing as well. We want to join our collective effort and go farther, faster. This is an industry issue. We believe it will take collaboration across many partners and all aspects of the CD process.

 

Objective:

Ensure security (including policy and validation) for software artifacts at each stage of the supply chain from component developer, through package repositories, to application development to end customer runtime operation.

 

 

What the group hopes to gain from the CDF:

Security is an industry-wide concern. It spans all aspects of Continuous Delivery tooling from SCM through CI/CD. Given this, it would seem a natural fit with the CDF charter – ‘A Neutral Home for the Next Generation of Continuous Delivery Collaboration’.

 

How would the group like to meet/operate:

For this topic, it makes sense for a group to meet and operate with a long term charter (like a CNCF SIG), with short term (e.g. 6 month) milestones to make progress.

 

Anything else to add:

Working groups could make sense as a construct for defining the short term milestones, but short term milestones could also be left up to the SIG to define.

 

Hope this helps.

 

Kay

 

From: cdf-toc@... <cdf-toc@...> On Behalf Of Kohsuke Kawaguchi via Lists.Cd.Foundation
Sent: Monday, June 17, 2019 5:12 PM
To: cdf-toc@...
Subject: Re: [cdf-toc] CDF Working Groups Proposal

 

Thanks Dan for doing this, and seeing the difference in what WGs and SIGs mean for different groups is fascinating! One of the WGs that I've been more familiar with is the W3C WG, which is different still from those mentioned in here. I'm also close to how the Jenkins project uses SIG and "team."

 

I think it's useful to step back and think about what problems we are trying to solve. I'm not sure if we have an alignment on that.

 

Dan's document says his WG proposal is for "a temporary group of collaborators focused on completing a defined task." Looking at the lifecycle, maybe it's for the CDF to delegate a certain task to a smaller circle of people who will have an easier time doing it (e.g., CDF summit organization), or maybe it's to help people who want to drive certain initiatives by giving them the visibility, the authority, and other necessary support (e.g., usage metrics collection). Or maybe something else.

 

FWIW, the problem I see that is worth solving now is to give visibility to technology efforts that are happening on the ground. Take Tekton & Jenkins X collaboration for example. I've heard that there are good things happening there, but I don't know where that is happening. I'm lucky in that I know who is involved, but I'm pretty sure people who are not close to the center have little idea that this is happening, or where they can participate. That translates to missed opportunities for more contributors, more encouragement to existing contributors, and more bragging opportunities of good things that are coming out of the CDF. I think the TOC has a vested interest in propping this up and supporting good stuff that's already happening.

 

The other problem I see that is worth solving is a facilitation for people of similar interest to find each other. In a large loosely connected community, people who have a passion for a certain aspect have a hard time finding other likeminded people, and they won't get a place to engage themselves. I've seen this a lot in the Jenkins project. When you have a place for likeminded people to talk to each other, sometimes interesting projects/initiatives/efforts come out of it. Just today at the GB meeting, we were talking about the interest of end user companies to get together to compare notes and learn from each other. I won't be surprised if an ongoing conversation like that identifies the opportunities for them to join hands to solve a common problem.

 

What are the problems people are seeing that are worth solving now?

 

 

On Mon, Jun 17, 2019 at 4:41 PM Kay Williams via Lists.Cd.Foundation <kayw=microsoft.com@...> wrote:

Thanks Chris.  It sounds like the CNCF model is a better fit (at the foundation level).

 

From: cdf-toc@... <cdf-toc@...> On Behalf Of Chris Aniszczyk via Lists.Cd.Foundation
Sent: Monday, June 17, 2019 4:31 PM
To: cdf-toc@...
Subject: Re: [cdf-toc] CDF Working Groups Proposal

 

Here's a doc outlining the difference between CNCF/k8s SIGs, really mostly about code ownership:

 

 

They serve different purposes and CNCF SIGs were mostly created to help scale the CNCF TOC with project reviews and also provide an area to focus.

 

On Mon, Jun 17, 2019 at 7:27 PM Kay Williams via Lists.Cd.Foundation <kayw=microsoft.com@...> wrote:

Thanks Jaice for sharing.

 

At first blush the Kubernetes (project) model seems more complex than the CNCF (foundation) model.  Do you happen to have a comparison of the two? Can we get away with a simpler model at the foundation level? What are the factors to consider?

 

From: cdf-toc@... <cdf-toc@...> On Behalf Of Jaice Singer DuMars via Lists.Cd.Foundation
Sent: Monday, June 17, 2019 4:14 PM
To: cdf-toc@...
Subject: Re: [cdf-toc] CDF Working Groups Proposal

 

This is how Kubernetes does governance. I created this graphic some time ago to help make it easier to understand:

 

 

Being as I helped with this governance model, I am happy to answer any practical questions.

 

All the best,

Jaice

 

 

On Mon, Jun 17, 2019 at 2:14 PM Tara Hernandez via Lists.Cd.Foundation <tarahernandez=google.com@...> wrote:

Kay: Gotcha, thanks for the clarification 

 

So, if I'm understanding it correctly the diff between working groups (shorter term, finer granularity efforts) and SIGs (longer term, broader standards work) seems like a good breakdown.

 

 

On Mon, Jun 17, 2019 at 12:56 PM Kay Williams via Lists.Cd.Foundation <kayw=microsoft.com@...> wrote:

It may not be too much more to bite off?  The CNCF SIG model feels well thought out. Perhaps we can adopt it with little more than a search/replace from CNCF -> CDF.

 

From: cdf-toc@... <cdf-toc@...> On Behalf Of Dan Lorenc via Lists.Cd.Foundation
Sent: Monday, June 17, 2019 12:31 PM
To: cdf-toc@...
Subject: Re: [cdf-toc] CDF Working Groups Proposal

 

I broadly agree with the "two-tier" model and should have made that more clear in my proposal. k8s (and more recently the CNCF) splits these up into "working groups" and "special interest groups", with the latter being the longer-running version. I didn't try to bite off both of these at the same time, but maybe we should.

 

Dan Lorenc

 

On Mon, Jun 17, 2019 at 2:25 PM Kay Williams via Lists.Cd.Foundation <kayw=microsoft.com@...> wrote:

I am not sure if we want/need to define all the top-level items for now.  I just threw out some items as possible examples.  The larger question is the two-tier structure.

 

From: cdf-toc@... <cdf-toc@...> On Behalf Of Tara Hernandez via Lists.Cd.Foundation
Sent: Monday, June 17, 2019 12:21 PM
To: cdf-toc@...
Subject: Re: [cdf-toc] CDF Working Groups Proposal

 

"Deployment" is pretty broad, I worry that such a group would be working with a LOT of conditionals, e.g. on-prem vs cloud, service vs. serverless, maybe even baremetal vs. VM/Container (sadly probably still pretty common).  On the other hand, this is also probably one of the hotter topic areas as far as engaging with enterprise/corp devs.

 

So... perhaps start with some prelim scoping discussions?

 

:)

 

The other 'top tier' categories seem good to me...

 

On Mon, Jun 17, 2019 at 10:59 AM Kay Williams via Lists.Cd.Foundation <kayw=microsoft.com@...> wrote:

What would folks think about following a two tiered model?

 

Top-Tier

The top tier would be a more formal, long-running structure along logical, functional areas of need.  This would be similar to CNCF SIGs or OCP Projects.

 

CNCF - SIGs

OCP - Projects

 

For the CD Foundation, example top-tier items might include the following:

  • Supply Chain Security
  • Pipelines
  • Validation
  • Deployment

 

Second-Tier

The second tier would be a shorter-term structure with specific goals, deliverables and timelines. I think of this as what Dan is defining below in the working group proposal.

 

In the case of Software Supply Chain security (a broad topic) I am imagining we might have shorter working groups (or sprints?) that are largely time-bound.

 

2019.2 deliverables (2nd half 2019)

2020.1 deliverables (1st half 2020)

2020.2 deliverables (2nd half 2020)

Etc.

 

Thoughts from others?

Kay

 

From: cdf-toc@... <cdf-toc@...> On Behalf Of Dan Lorenc via Lists.Cd.Foundation
Sent: Monday, June 17, 2019 8:42 AM
To: cdf-toc@...
Subject: [cdf-toc] CDF Working Groups Proposal

 

Hey All,

 

This topic has come up a few times since kicking off the CDF TOC, and I promised to put together a proposal on the lifecycle of working groups. I got a doc started here.

 

I'd appreciate any feedback on the doc, and hope to discuss tomorrow in the TOC meeting. If TOC members like the general direction, the next steps would be to iterate in this doc and then move this to a PR and vote.

 

Dan Lorenc


 

--

Tara Hernandez

Engineering Manager Google Cloud

 

 


 


 

--

Jaice Singer DuMars

Cloud Native Strategy

+1 (206) 371-2293

601 N. 34th St., Seattle WA 98103


 

--

Chris Aniszczyk (@cra) | +1-512-961-6719


 

--

Kohsuke Kawaguchi
