Date   

Re: CDF Landscape BYOB

Marky Jackson <marky.r.jackson@...>
 

I would also love to help

On Jun 15, 2020, at 3:01 PM, TracyRagan <tracy@...> wrote:

Would love to help  -  got a ton of meetings on Friday. Send me the invite and I will try to work it in. 

Tracy

On Mon, Jun 15, 2020 at 2:47 PM Tracy Miranda <tmiranda@...> wrote:
All,

Tara Hernandez & I will be tackling the CDF landscape, cleaning it up, adding in more stuff etc on Friday. It should be a relaxed bring-your-own-b(reakfast/everage/...) so please feel free to join us. 

Friday 19th at 12pm Eastern time. Please let me know if you'd like to join and I'll send you an invite. (Will be adding the event to the Calendar too in due course). 

Thanks,
Tracy





-- 
Kind Regards,

Tracy Ragan
CEO and Co-Founder / DeployHub / tel: + 1.505.424.6440/ mob: +1.505.780.0558
Follow me on: Blog / Twitter Facebook / LinkedIn / YouTube / GitHub
We make microservices easy. 






Re: CDF Landscape BYOB

Tracy Ragan
 

Would love to help  -  got a ton of meetings on Friday. Send me the invite and I will try to work it in. 

Tracy

On Mon, Jun 15, 2020 at 2:47 PM Tracy Miranda <tmiranda@...> wrote:
All,

Tara Hernandez & I will be tackling the CDF landscape, cleaning it up, adding in more stuff etc on Friday. It should be a relaxed bring-your-own-b(reakfast/everage/...) so please feel free to join us. 

Friday 19th at 12pm Eastern time. Please let me know if you'd like to join and I'll send you an invite. (Will be adding the event to the Calendar too in due course). 

Thanks,
Tracy



--
Kind Regards,

Tracy Ragan
CEO and Co-Founder / DeployHub / tel: + 1.505.424.6440/ mob: +1.505.780.0558
Follow me on: Blog / Twitter Facebook / LinkedIn / YouTube / GitHub
We make microservices easy. 





CDF Landscape BYOB

Tracy Miranda <tmiranda@...>
 

All,

Tara Hernandez & I will be tackling the CDF landscape, cleaning it up, adding in more stuff etc on Friday. It should be a relaxed bring-your-own-b(reakfast/everage/...) so please feel free to join us. 

Friday 19th at 12pm Eastern time. Please let me know if you'd like to join and I'll send you an invite. (Will be adding the event to the Calendar too in due course). 

Thanks,
Tracy


Re: Security/Compliance reports regarding Spinnaker

Rosalind Benoit
 

Checking to see if we can assist.


On Mon, Jun 15, 2020 at 8:59 AM Michael Galloway <mgalloway@...> wrote:
Netflix unfortunately does not anything that we can share.

Perhaps Armory may be able to help, Rosalind?

On Mon, Jun 15, 2020 at 8:29 AM Chris Aniszczyk <caniszczyk@...> wrote:
This is exactly what the security audit will provide once it's open sourced and shared with the community.

I believe it was procured recently and is being scheduled. Brian Warner can chase it down.

There may be older audits that Netflix done that they can choose to open source and share but I'm not familiar with those.

On Mon, Jun 15, 2020 at 10:13 AM Michael Galloway via lists.cd.foundation <mgalloway=netflix.com@...> wrote:
Is this something our security review is supposed to provide? 

I’ll ask folks on the Spinnaker project as well, to see if there is any material.


On Mon, Jun 15, 2020 at 6:47 AM Jacque Salinas <jsalinas@...> wrote:
Hello, 

Who should I route this to?

---------- Forwarded message ---------
From: Suhrud Kumar CHILUVERU <s.chiluveru@...>
Date: Thu, Jun 11, 2020 at 2:00 AM
Subject: Security/Compliance reports regarding Spinnaker
To: info@... <info@...>


Hello CD Foundation Team,

 

We, at F5 Networks, are looking to implement Spinnaker as Continuous Delivery Platform for our services. However to integrate with our internal services, our Information Security team is looking for some security and compliance reports for the spinnaker product.

 

Can you please see if you can provide the following (where available): 
• SOC2 type 2 (SSAE16) report 
• PCI DSS compliance report 
• ISO 27001 and/or 27018 certification(s) 
• Security related system diagrams 
• One of the following: 
o Clean software analysis report (from Veracode, or equivalent) showing code is malware-free 
or 
o Contractual Attestation that software is malicious-code free 

 

This would greatly help us in clearing our Third Party Security Assessment and start using Spinnaker as our CD platform.

 

Thanks

Suhrud

SRE – F5

 

 



--
Jacqueline Salinas 
Continuous Delivery Foundation
Director of Ecosystem & Community
408 218 0667



--

Michael Galloway | Delivery Engineering
mgalloway@... | m: 408.234.5205

AgdHAae.png



--
Chris Aniszczyk (@cra) | +1-512-961-6719



--

Michael Galloway | Delivery Engineering
mgalloway@... | m: 408.234.5205

AgdHAae.png



--
Rosalind Benoit
Director of Community at Armory
503-857-7357  |  rosalind@...  |  www.armory.io
@dnilasor on Spinnaker Slack
@dnilas0r on Twitter


Re: Project Graduations

Oleg Nenashev
 

Hi Dan et al,

What would be the CDF TOC stance on the Code of Conduct version selection? We are discussing choosing between Contributor Governance 1.4 (version used by CDF), but there are contributors interested in going with the new 2.0 version.  There is some overview and comments in this thread. Generally the 1.4 and 2.0 are not considered as fully compatible, because 2.0 uses "community" as a subject instead of the "project", and "community leaders" instead of "maintainers".

I wonder whether the TOC would be OK with the Jenkins project choosing Contributor Covenant 2.0. Would it be an obstacle for graduation, and which steps would be required to review and make a decision on that?

Thanks in advance,
Oleg





On Mon, Jun 15, 2020 at 1:54 PM Dan Lorenc via lists.cd.foundation <dlorenc=google.com@...> wrote:
Thanks Oleg. Let's treat this one as canonical for now: https://github.com/cdfoundation/toc/blob/master/PROJECT_LIFECYCLE.md

I'll deduplicate them.

On Fri, Jun 12, 2020 at 11:02 AM Oleg Nenashev <o.v.nenashev@...> wrote:
Hi all,

Just FYI, we have started exploring the graduation requirement in the Jenkins project. Thanks to Dan for joining the last Governance meeting and explaining the process.Here is a developer mailing list thread started by Tracy Miranda, our work-in-progress checklist can be found here.

One thing I noticed is that there are two lists of requirements which differ from each other. For example, only one version references the Code of Conduct:

On Mon, May 18, 2020 at 11:35 PM Tara Hernandez via lists.cd.foundation <tarahernandez=google.com@...> wrote:
Reminder that tomorrow's meeting is on the new APAC friendly 6pm time, so we can have our Chinese language SIG contributor join us.

On Mon, May 18, 2020 at 6:19 AM Dan Lorenc via lists.cd.foundation <dlorenc=google.com@...> wrote:
I've added this to tomorrow's TOC agenda. Thanks Oleg!

Dan Lorenc

On Fri, May 15, 2020 at 9:28 AM Oleg Nenashev <o.v.nenashev@...> wrote:
Hi Dan and all,

One thing to keep in mind is that there is already a 2.0 version of Contributor Covenant. There are some differences.
Just in case, are there any plans to upgrade the Code of Conduct on the CDF side?

Once I know the target version for CDF, I will start the discussion about aligning the Contributor Covenant version in Jenkins.
Our version is old, and there are some statements in newer versions which would be a good addition.

Best regards,
Oleg

On Thu, May 7, 2020, 02:16 Michael Galloway via lists.cd.foundation <mgalloway=netflix.com@...> wrote:
For Spinnaker, we've adopted the 1.4 version of the CoC, but I think standardizing on the CDF version makes sense as much as possible.

On Wed, May 6, 2020 at 2:26 PM Dan Lorenc via lists.cd.foundation <dlorenc=google.com@...> wrote:
Great points. I think we should encourage the CDF Code of Conduct by default, but allow others with good reason after a review. Project-level escalation sounds great as well. The CDF could be used as a second level of escalation if necessary.

Any thoughts from others here?

Dan Lorenc

On Wed, May 6, 2020 at 11:58 AM Oleg Nenashev <o.v.nenashev@...> wrote:
Hi all,

I have another question about the current graduation requirements. Currently projects are expected to adopt the CDF Code of Conduct to graduate. In the case of the Jenkins project we have our own code of conduct which is an adopted version of Contributor Covenant 1.3 widely used in open-source projects. CDF Code of Conduct uses version 1.4 and there are some differences.

What does "Code of Conduct adoption" mean in practice?
  • Would it be enough to ensure that we use the same Contributor Covenant version in our project? Or would CDF TOC expect wider changes, e.g. replacing CoC completely by the CDF one?
  • Would we be expected to switch the escalation/enforcement process to conduct@...?  Currently the Jenkins project has its own escalation and enforcement process, managed by the Jenkins Governance Board.  
Best regards,
Oleg


On Mon, Apr 27, 2020 at 4:07 PM Dan Lorenc via lists.cd.foundation <dlorenc=google.com@...> wrote:
Thanks Oleg!

I'd like to avoid making this a moving target by accident as we progress. Like you point out, the incoming changes in https://github.com/cdfoundation/toc/pull/76 add some extra requirements that aren't in the existing https://github.com/cdfoundation/toc/blob/master/PROJECT_LIFECYCLE.md document.

I just opened a PR to add these requirements, the TOC can discuss and vote, and then we can submit a proposal for Jenkins: https://github.com/cdfoundation/toc/pull/79

I think we'll need to quickly get a plan together for security audits at the CDF level.

Dan Lorenc

On Fri, Apr 24, 2020 at 10:42 AM Oleg Nenashev <o.v.nenashev@...> wrote:
Hi all,

As a Jenkins board member, I would be interested in passing through the official CDF graduation checklist and review. From what I see on https://github.com/cdfoundation/toc/blob/master/PROJECT_LIFECYCLE.md the Jenkins project fully meets the "graduated project" criteria though IIUC there are some incoming changes like https://github.com/cdfoundation/toc/pull/76 (CII requirement, 3rd-party security audit, etc.). It would be great to see the final list of requirements before we take it to the Jenkins community and discuss it there.

I also have a question about a 3rd-party security audit defined by Dan Lopez in https://github.com/cdfoundation/toc/pull/76. It may cost a lot for a big project like Jenkins if we want to have a formal security audit by a 3rd party. Just in case, does CDF have budget allocated for such audit in CDF projects? If not, such criteria may become a major obstacle.

Thanks in advance,
Oleg


On Fri, Apr 24, 2020 at 5:29 PM Tracy Miranda <tmiranda@...> wrote:
+1 good to have clarity then dog-food our own processes. 

While it might be strange for some to see Jenkins 'graduate' think it will be good due-diligence and a good example for rest of the projects (not to mention more reasons to celebrate!)

Tracy

On Fri, Apr 24, 2020 at 11:27 AM Dan Lorenc via lists.cd.foundation <dlorenc=google.com@...> wrote:
Hey Everyone,

There's been some confusion around CDF project graduation/incubation statuses and I want to try to clear that up. If I remember correctly, when the initial projects came into the CDF we decided to keep them all at incubation status, even though some were likely to graduate quickly.

The plan was to firm up the graduation criteria, then move the more mature projects through this process as a trial run.

Does that still make sense to everyone? If so, I'd like to take a pass at the graduation criteria, then start to move Jenkins through to make sure the process makes sense and works.

Dan Lorenc



--

Michael Galloway | Delivery Engineering
mgalloway@... | m: 408.234.5205

AgdHAae.png



--
Tara Hernandez
Engineering Manager Google Cloud




Re: Security/Compliance reports regarding Spinnaker

Michael Galloway <mgalloway@...>
 

Netflix unfortunately does not anything that we can share.

Perhaps Armory may be able to help, Rosalind?

On Mon, Jun 15, 2020 at 8:29 AM Chris Aniszczyk <caniszczyk@...> wrote:
This is exactly what the security audit will provide once it's open sourced and shared with the community.

I believe it was procured recently and is being scheduled. Brian Warner can chase it down.

There may be older audits that Netflix done that they can choose to open source and share but I'm not familiar with those.

On Mon, Jun 15, 2020 at 10:13 AM Michael Galloway via lists.cd.foundation <mgalloway=netflix.com@...> wrote:
Is this something our security review is supposed to provide? 

I’ll ask folks on the Spinnaker project as well, to see if there is any material.


On Mon, Jun 15, 2020 at 6:47 AM Jacque Salinas <jsalinas@...> wrote:
Hello, 

Who should I route this to?

---------- Forwarded message ---------
From: Suhrud Kumar CHILUVERU <s.chiluveru@...>
Date: Thu, Jun 11, 2020 at 2:00 AM
Subject: Security/Compliance reports regarding Spinnaker
To: info@... <info@...>


Hello CD Foundation Team,

 

We, at F5 Networks, are looking to implement Spinnaker as Continuous Delivery Platform for our services. However to integrate with our internal services, our Information Security team is looking for some security and compliance reports for the spinnaker product.

 

Can you please see if you can provide the following (where available): 
• SOC2 type 2 (SSAE16) report 
• PCI DSS compliance report 
• ISO 27001 and/or 27018 certification(s) 
• Security related system diagrams 
• One of the following: 
o Clean software analysis report (from Veracode, or equivalent) showing code is malware-free 
or 
o Contractual Attestation that software is malicious-code free 

 

This would greatly help us in clearing our Third Party Security Assessment and start using Spinnaker as our CD platform.

 

Thanks

Suhrud

SRE – F5

 

 



--
Jacqueline Salinas 
Continuous Delivery Foundation
Director of Ecosystem & Community
408 218 0667



--

Michael Galloway | Delivery Engineering
mgalloway@... | m: 408.234.5205

AgdHAae.png



--
Chris Aniszczyk (@cra) | +1-512-961-6719



--

Michael Galloway | Delivery Engineering
mgalloway@... | m: 408.234.5205

AgdHAae.png


Re: Security/Compliance reports regarding Spinnaker

Chris Aniszczyk
 

This is exactly what the security audit will provide once it's open sourced and shared with the community.

I believe it was procured recently and is being scheduled. Brian Warner can chase it down.

There may be older audits that Netflix done that they can choose to open source and share but I'm not familiar with those.

On Mon, Jun 15, 2020 at 10:13 AM Michael Galloway via lists.cd.foundation <mgalloway=netflix.com@...> wrote:
Is this something our security review is supposed to provide? 

I’ll ask folks on the Spinnaker project as well, to see if there is any material.


On Mon, Jun 15, 2020 at 6:47 AM Jacque Salinas <jsalinas@...> wrote:
Hello, 

Who should I route this to?

---------- Forwarded message ---------
From: Suhrud Kumar CHILUVERU <s.chiluveru@...>
Date: Thu, Jun 11, 2020 at 2:00 AM
Subject: Security/Compliance reports regarding Spinnaker
To: info@... <info@...>


Hello CD Foundation Team,

 

We, at F5 Networks, are looking to implement Spinnaker as Continuous Delivery Platform for our services. However to integrate with our internal services, our Information Security team is looking for some security and compliance reports for the spinnaker product.

 

Can you please see if you can provide the following (where available): 
• SOC2 type 2 (SSAE16) report 
• PCI DSS compliance report 
• ISO 27001 and/or 27018 certification(s) 
• Security related system diagrams 
• One of the following: 
o Clean software analysis report (from Veracode, or equivalent) showing code is malware-free 
or 
o Contractual Attestation that software is malicious-code free 

 

This would greatly help us in clearing our Third Party Security Assessment and start using Spinnaker as our CD platform.

 

Thanks

Suhrud

SRE – F5

 

 



--
Jacqueline Salinas 
Continuous Delivery Foundation
Director of Ecosystem & Community
408 218 0667



--

Michael Galloway | Delivery Engineering
mgalloway@... | m: 408.234.5205

AgdHAae.png



--
Chris Aniszczyk (@cra) | +1-512-961-6719


Re: Security/Compliance reports regarding Spinnaker

Michael Galloway <mgalloway@...>
 

Is this something our security review is supposed to provide? 

I’ll ask folks on the Spinnaker project as well, to see if there is any material.


On Mon, Jun 15, 2020 at 6:47 AM Jacque Salinas <jsalinas@...> wrote:
Hello, 

Who should I route this to?

---------- Forwarded message ---------
From: Suhrud Kumar CHILUVERU <s.chiluveru@...>
Date: Thu, Jun 11, 2020 at 2:00 AM
Subject: Security/Compliance reports regarding Spinnaker
To: info@... <info@...>


Hello CD Foundation Team,

 

We, at F5 Networks, are looking to implement Spinnaker as Continuous Delivery Platform for our services. However to integrate with our internal services, our Information Security team is looking for some security and compliance reports for the spinnaker product.

 

Can you please see if you can provide the following (where available): 
• SOC2 type 2 (SSAE16) report 
• PCI DSS compliance report 
• ISO 27001 and/or 27018 certification(s) 
• Security related system diagrams 
• One of the following: 
o Clean software analysis report (from Veracode, or equivalent) showing code is malware-free 
or 
o Contractual Attestation that software is malicious-code free 

 

This would greatly help us in clearing our Third Party Security Assessment and start using Spinnaker as our CD platform.

 

Thanks

Suhrud

SRE – F5

 

 



--
Jacqueline Salinas 
Continuous Delivery Foundation
Director of Ecosystem & Community
408 218 0667



--

Michael Galloway | Delivery Engineering
mgalloway@... | m: 408.234.5205

AgdHAae.png


TOC Meeting Agenda - June 16th

Dan Lorenc <dlorenc@...>
 

Hi All,

Please add agenda topics for tomorrow's meeting to the document here: https://docs.google.com/document/d/1uBHar55fTInWF9Li4t0lyG3tTC8BRLU0FfBfsgk_Jrs/edit

Reminder, this is at the APAC-friendly timezone slot, 6pm Pacific time.

Dan Lorenc


Security/Compliance reports regarding Spinnaker

Jacque Salinas
 

Hello, 

Who should I route this to?

---------- Forwarded message ---------
From: Suhrud Kumar CHILUVERU <s.chiluveru@...>
Date: Thu, Jun 11, 2020 at 2:00 AM
Subject: Security/Compliance reports regarding Spinnaker
To: info@... <info@...>


Hello CD Foundation Team,

 

We, at F5 Networks, are looking to implement Spinnaker as Continuous Delivery Platform for our services. However to integrate with our internal services, our Information Security team is looking for some security and compliance reports for the spinnaker product.

 

Can you please see if you can provide the following (where available): 
• SOC2 type 2 (SSAE16) report 
• PCI DSS compliance report 
• ISO 27001 and/or 27018 certification(s) 
• Security related system diagrams 
• One of the following: 
o Clean software analysis report (from Veracode, or equivalent) showing code is malware-free 
or 
o Contractual Attestation that software is malicious-code free 

 

This would greatly help us in clearing our Third Party Security Assessment and start using Spinnaker as our CD platform.

 

Thanks

Suhrud

SRE – F5

 

 



--
Jacqueline Salinas 
Continuous Delivery Foundation
Director of Ecosystem & Community
408 218 0667




Re: Project Graduations

Dan Lorenc <dlorenc@...>
 

Thanks Oleg. Let's treat this one as canonical for now: https://github.com/cdfoundation/toc/blob/master/PROJECT_LIFECYCLE.md

I'll deduplicate them.

On Fri, Jun 12, 2020 at 11:02 AM Oleg Nenashev <o.v.nenashev@...> wrote:
Hi all,

Just FYI, we have started exploring the graduation requirement in the Jenkins project. Thanks to Dan for joining the last Governance meeting and explaining the process.Here is a developer mailing list thread started by Tracy Miranda, our work-in-progress checklist can be found here.

One thing I noticed is that there are two lists of requirements which differ from each other. For example, only one version references the Code of Conduct:

On Mon, May 18, 2020 at 11:35 PM Tara Hernandez via lists.cd.foundation <tarahernandez=google.com@...> wrote:
Reminder that tomorrow's meeting is on the new APAC friendly 6pm time, so we can have our Chinese language SIG contributor join us.

On Mon, May 18, 2020 at 6:19 AM Dan Lorenc via lists.cd.foundation <dlorenc=google.com@...> wrote:
I've added this to tomorrow's TOC agenda. Thanks Oleg!

Dan Lorenc

On Fri, May 15, 2020 at 9:28 AM Oleg Nenashev <o.v.nenashev@...> wrote:
Hi Dan and all,

One thing to keep in mind is that there is already a 2.0 version of Contributor Covenant. There are some differences.
Just in case, are there any plans to upgrade the Code of Conduct on the CDF side?

Once I know the target version for CDF, I will start the discussion about aligning the Contributor Covenant version in Jenkins.
Our version is old, and there are some statements in newer versions which would be a good addition.

Best regards,
Oleg

On Thu, May 7, 2020, 02:16 Michael Galloway via lists.cd.foundation <mgalloway=netflix.com@...> wrote:
For Spinnaker, we've adopted the 1.4 version of the CoC, but I think standardizing on the CDF version makes sense as much as possible.

On Wed, May 6, 2020 at 2:26 PM Dan Lorenc via lists.cd.foundation <dlorenc=google.com@...> wrote:
Great points. I think we should encourage the CDF Code of Conduct by default, but allow others with good reason after a review. Project-level escalation sounds great as well. The CDF could be used as a second level of escalation if necessary.

Any thoughts from others here?

Dan Lorenc

On Wed, May 6, 2020 at 11:58 AM Oleg Nenashev <o.v.nenashev@...> wrote:
Hi all,

I have another question about the current graduation requirements. Currently projects are expected to adopt the CDF Code of Conduct to graduate. In the case of the Jenkins project we have our own code of conduct which is an adopted version of Contributor Covenant 1.3 widely used in open-source projects. CDF Code of Conduct uses version 1.4 and there are some differences.

What does "Code of Conduct adoption" mean in practice?
  • Would it be enough to ensure that we use the same Contributor Covenant version in our project? Or would CDF TOC expect wider changes, e.g. replacing CoC completely by the CDF one?
  • Would we be expected to switch the escalation/enforcement process to conduct@...?  Currently the Jenkins project has its own escalation and enforcement process, managed by the Jenkins Governance Board.  
Best regards,
Oleg


On Mon, Apr 27, 2020 at 4:07 PM Dan Lorenc via lists.cd.foundation <dlorenc=google.com@...> wrote:
Thanks Oleg!

I'd like to avoid making this a moving target by accident as we progress. Like you point out, the incoming changes in https://github.com/cdfoundation/toc/pull/76 add some extra requirements that aren't in the existing https://github.com/cdfoundation/toc/blob/master/PROJECT_LIFECYCLE.md document.

I just opened a PR to add these requirements, the TOC can discuss and vote, and then we can submit a proposal for Jenkins: https://github.com/cdfoundation/toc/pull/79

I think we'll need to quickly get a plan together for security audits at the CDF level.

Dan Lorenc

On Fri, Apr 24, 2020 at 10:42 AM Oleg Nenashev <o.v.nenashev@...> wrote:
Hi all,

As a Jenkins board member, I would be interested in passing through the official CDF graduation checklist and review. From what I see on https://github.com/cdfoundation/toc/blob/master/PROJECT_LIFECYCLE.md the Jenkins project fully meets the "graduated project" criteria though IIUC there are some incoming changes like https://github.com/cdfoundation/toc/pull/76 (CII requirement, 3rd-party security audit, etc.). It would be great to see the final list of requirements before we take it to the Jenkins community and discuss it there.

I also have a question about a 3rd-party security audit defined by Dan Lopez in https://github.com/cdfoundation/toc/pull/76. It may cost a lot for a big project like Jenkins if we want to have a formal security audit by a 3rd party. Just in case, does CDF have budget allocated for such audit in CDF projects? If not, such criteria may become a major obstacle.

Thanks in advance,
Oleg


On Fri, Apr 24, 2020 at 5:29 PM Tracy Miranda <tmiranda@...> wrote:
+1 good to have clarity then dog-food our own processes. 

While it might be strange for some to see Jenkins 'graduate' think it will be good due-diligence and a good example for rest of the projects (not to mention more reasons to celebrate!)

Tracy

On Fri, Apr 24, 2020 at 11:27 AM Dan Lorenc via lists.cd.foundation <dlorenc=google.com@...> wrote:
Hey Everyone,

There's been some confusion around CDF project graduation/incubation statuses and I want to try to clear that up. If I remember correctly, when the initial projects came into the CDF we decided to keep them all at incubation status, even though some were likely to graduate quickly.

The plan was to firm up the graduation criteria, then move the more mature projects through this process as a trial run.

Does that still make sense to everyone? If so, I'd like to take a pass at the graduation criteria, then start to move Jenkins through to make sure the process makes sense and works.

Dan Lorenc



--

Michael Galloway | Delivery Engineering
mgalloway@... | m: 408.234.5205

AgdHAae.png



--
Tara Hernandez
Engineering Manager Google Cloud




CDF Podcast supasses 1000 downloads!

Jacque Salinas
 

Hello CDF Community -

Thank you to everyone who contributes to this program. I am so happy to announce that we have surpassed 1000 total downloads this morning! 

We have published 7 episodes so far! And working very hard each week to get new episodes out for the community. 

So what can you expect when you submit your episode idea? Here are some data points to consider: 


Screen Shot 2020-06-12 at 1.21.59 PM.png


Screen Shot 2020-06-12 at 1.22.44 PM.png



Screen Shot 2020-06-12 at 1.22.51 PM.png



Jacqueline Salinas 
Continuous Delivery Foundation
Director of Ecosystem & Community
408 218 0667




CDF End User Counsel - kick off! V2 July 9 @ 3pm pst

Jacque Salinas
 

Hi all, 

I messed up on the previous meeting and my sincerest apologies. We have rescheduled, time zones have been triple checked & confirmed. I will send weekly reminders to the community as we get closer to the meeting date. All the info is below on how to log in to be part of the End User Counsel working group. 

We hope to see you there! 


CD Foundation is inviting you to a scheduled Zoom meeting.

Topic: CDF End User Counsel - kick off
Time: Jul 9, 2020 03:00 PM Pacific Time (US and Canada)

Join Zoom Meeting

Meeting ID: 989 7744 4649
Password: 135558
One tap mobile
+13462487799,,98977444649# US (Houston)
+16699006833,,98977444649# US (San Jose)

Dial by your location
        +1 346 248 7799 US (Houston)
        +1 669 900 6833 US (San Jose)
        +1 253 215 8782 US (Tacoma)
        +1 312 626 6799 US (Chicago)
        +1 646 558 8656 US (New York)
        +1 301 715 8592 US (Germantown)
        877 369 0926 US Toll-free
        855 880 1246 US Toll-free
        +1 587 328 1099 Canada
        +1 647 374 4685 Canada
        +1 647 558 0588 Canada
        +1 778 907 2071 Canada
        +1 438 809 7799 Canada
        855 703 8985 Canada Toll-free

Meeting ID: 989 7744 4649
Find your local number: https://zoom.us/u/ackEoQAZal


Jacqueline Salinas 
Continuous Delivery Foundation
Director of Ecosystem & Community
408 218 0667




Re: Project Graduations

Oleg Nenashev
 

Hi all,

Just FYI, we have started exploring the graduation requirement in the Jenkins project. Thanks to Dan for joining the last Governance meeting and explaining the process.Here is a developer mailing list thread started by Tracy Miranda, our work-in-progress checklist can be found here.

One thing I noticed is that there are two lists of requirements which differ from each other. For example, only one version references the Code of Conduct:

On Mon, May 18, 2020 at 11:35 PM Tara Hernandez via lists.cd.foundation <tarahernandez=google.com@...> wrote:
Reminder that tomorrow's meeting is on the new APAC friendly 6pm time, so we can have our Chinese language SIG contributor join us.

On Mon, May 18, 2020 at 6:19 AM Dan Lorenc via lists.cd.foundation <dlorenc=google.com@...> wrote:
I've added this to tomorrow's TOC agenda. Thanks Oleg!

Dan Lorenc

On Fri, May 15, 2020 at 9:28 AM Oleg Nenashev <o.v.nenashev@...> wrote:
Hi Dan and all,

One thing to keep in mind is that there is already a 2.0 version of Contributor Covenant. There are some differences.
Just in case, are there any plans to upgrade the Code of Conduct on the CDF side?

Once I know the target version for CDF, I will start the discussion about aligning the Contributor Covenant version in Jenkins.
Our version is old, and there are some statements in newer versions which would be a good addition.

Best regards,
Oleg

On Thu, May 7, 2020, 02:16 Michael Galloway via lists.cd.foundation <mgalloway=netflix.com@...> wrote:
For Spinnaker, we've adopted the 1.4 version of the CoC, but I think standardizing on the CDF version makes sense as much as possible.

On Wed, May 6, 2020 at 2:26 PM Dan Lorenc via lists.cd.foundation <dlorenc=google.com@...> wrote:
Great points. I think we should encourage the CDF Code of Conduct by default, but allow others with good reason after a review. Project-level escalation sounds great as well. The CDF could be used as a second level of escalation if necessary.

Any thoughts from others here?

Dan Lorenc

On Wed, May 6, 2020 at 11:58 AM Oleg Nenashev <o.v.nenashev@...> wrote:
Hi all,

I have another question about the current graduation requirements. Currently projects are expected to adopt the CDF Code of Conduct to graduate. In the case of the Jenkins project we have our own code of conduct which is an adopted version of Contributor Covenant 1.3 widely used in open-source projects. CDF Code of Conduct uses version 1.4 and there are some differences.

What does "Code of Conduct adoption" mean in practice?
  • Would it be enough to ensure that we use the same Contributor Covenant version in our project? Or would CDF TOC expect wider changes, e.g. replacing CoC completely by the CDF one?
  • Would we be expected to switch the escalation/enforcement process to conduct@...?  Currently the Jenkins project has its own escalation and enforcement process, managed by the Jenkins Governance Board.  
Best regards,
Oleg


On Mon, Apr 27, 2020 at 4:07 PM Dan Lorenc via lists.cd.foundation <dlorenc=google.com@...> wrote:
Thanks Oleg!

I'd like to avoid making this a moving target by accident as we progress. Like you point out, the incoming changes in https://github.com/cdfoundation/toc/pull/76 add some extra requirements that aren't in the existing https://github.com/cdfoundation/toc/blob/master/PROJECT_LIFECYCLE.md document.

I just opened a PR to add these requirements, the TOC can discuss and vote, and then we can submit a proposal for Jenkins: https://github.com/cdfoundation/toc/pull/79

I think we'll need to quickly get a plan together for security audits at the CDF level.

Dan Lorenc

On Fri, Apr 24, 2020 at 10:42 AM Oleg Nenashev <o.v.nenashev@...> wrote:
Hi all,

As a Jenkins board member, I would be interested in passing through the official CDF graduation checklist and review. From what I see on https://github.com/cdfoundation/toc/blob/master/PROJECT_LIFECYCLE.md the Jenkins project fully meets the "graduated project" criteria though IIUC there are some incoming changes like https://github.com/cdfoundation/toc/pull/76 (CII requirement, 3rd-party security audit, etc.). It would be great to see the final list of requirements before we take it to the Jenkins community and discuss it there.

I also have a question about a 3rd-party security audit defined by Dan Lopez in https://github.com/cdfoundation/toc/pull/76. It may cost a lot for a big project like Jenkins if we want to have a formal security audit by a 3rd party. Just in case, does CDF have budget allocated for such audit in CDF projects? If not, such criteria may become a major obstacle.

Thanks in advance,
Oleg


On Fri, Apr 24, 2020 at 5:29 PM Tracy Miranda <tmiranda@...> wrote:
+1 good to have clarity then dog-food our own processes. 

While it might be strange for some to see Jenkins 'graduate' think it will be good due-diligence and a good example for rest of the projects (not to mention more reasons to celebrate!)

Tracy

On Fri, Apr 24, 2020 at 11:27 AM Dan Lorenc via lists.cd.foundation <dlorenc=google.com@...> wrote:
Hey Everyone,

There's been some confusion around CDF project graduation/incubation statuses and I want to try to clear that up. If I remember correctly, when the initial projects came into the CDF we decided to keep them all at incubation status, even though some were likely to graduate quickly.

The plan was to firm up the graduation criteria, then move the more mature projects through this process as a trial run.

Does that still make sense to everyone? If so, I'd like to take a pass at the graduation criteria, then start to move Jenkins through to make sure the process makes sense and works.

Dan Lorenc



--

Michael Galloway | Delivery Engineering
mgalloway@... | m: 408.234.5205

AgdHAae.png



--
Tara Hernandez
Engineering Manager Google Cloud




{MEMBER BENEFIT OPPTY} Reminder! Call for volunteers & content for CDF booth @ JFrog's swampUP Day Online, June 23-24 (America's PST timezone)

Jacque Salinas
 

Hello CDF Members, Ambassadors, et Community, 

CDF is sponsoring a booth at the JFrog swampUP 2020 Online on June 23, 2020 and June 24th from 9am - 4pm PDT time. 

We are seeking volunteers to help virtually staff the CDF booth. The minimum  requirement is 1 hour of your time. If you are interested in helping please sign up here!  (DEADLINE: June 15, 2020).

And we also have the option to sponsor live stream 1 hr session - send me an email if you're interested! 

Any CDF members (all tiers) that volunteer -  we are also asking them to provide the following marketing collateral from their companies. This is an opportunity to speak about your company's technology and represent the CDF & its projects all in one place. The collateral will be available for attendees who stop by the booth to download. 

Please provide in PDF format by DEADLINE: June 19, 2020 & send to jsalinas@....
  • Case studies 
  • White papers
  • Data sheets
  • Infographics 
  • Swag
We are seeking technical folks who can speak about the following projects: 
  • Spinnaker
  • Tekton
  • Screwdriver 
  • Jenkins 
  • Jenkins X
  • CI/CD & DevOps general topics
We are also seeking volunteers from the Governing Board, TOC, and Ambassador program to help represent the CDF and speak to its initiatives. If you have any questions, feel free to reach out to me. Thanks! 

Jacqueline Salinas 
Continuous Delivery Foundation
Director of Ecosystem & Community
408 218 0667




{CDF Community Member Benefit} JFrog swampUP Day free registration codes! **LIMITED AMOUNT**

Jacque Salinas
 

Hello all, 

As part of our sponsorship package we received the following benefit. We hope to see you there! 

BONUS BENEFIT - 100 FREE EVENT REGISTRATIONS
As part of your sponsorship your company will receive 100 complimentary passes to swampUP Online. JFrog will donate $20 for every registration up to $2,000 that is directly contributed to COVID-19 relief.

  • CODE: CDFoundation2020

  • Please instruct your customers to enter your code at check out

  • The code is good for the Americas event June 24 and the EMEA/APAC event July 1

Register here: 

 



Jacqueline Salinas 
Continuous Delivery Foundation
Director of Ecosystem & Community
408 218 0667




{MEMBER BENEFIT OPPTY} Call for volunteers & content for CDF booth @ SKILup Days: CD Ecosystem on July 16, 2020 EST time

Jacque Salinas
 

Hello CDF Members, Ambassadors, et Community, 

CDF is sponsoring a booth at the DevOps Institute SKILup Day: Continuous Delivery Ecosystem on July 16, 2020 9am - 4pm. 

We are seeking volunteers to help virtually staff the CDF booth. The minimum  requirement is 1 hour of your time. If you are interested in helping please sign up here!  (DEADLINE: July 6, 2020).

Any CDF members (all tiers) that volunteer -  we are also asking them to provide the following marketing collateral from their companies. This is an opportunity to speak about your company's technology and represent the CDF & its projects all in one place. The collateral will be available for attendees who stop by the booth to download. Please provide in PDF format by DEADLINE: July 10, 2020 & send to jsalinas@....
  • Case studies 
  • White papers
  • Data sheets
  • Infographics 
  • Swag
We are seeking technical folks who can speak about the following projects: 
  • Spinnaker
  • Tekton
  • Screwdriver 
  • Jenkins 
  • Jenkins X
  • CI/CD & DevOps general topics
We are also seeking volunteers from the Governing Board, TOC, and Ambassador program to help represent the CDF and speak to its initiatives. If you have any questions, feel free to reach out to me. Thanks! 

Jacqueline Salinas 
Continuous Delivery Foundation
Director of Ecosystem & Community
408 218 0667




{MEMBER BENEFIT OPPTY} Call for volunteers & content for CDF booth @ JFrog's swampUP Day Online, June 23-24 (Americas GMT 7 time zone)

Jacque Salinas
 

***correction to subject line! Apologies! 

Hello CDF Members, Ambassadors, et Community, 

CDF is sponsoring a booth at the JFrog swampUP 2020 Online on June 23, 2020 and June 24th from 9am - 4pm PDT time. 

We are seeking volunteers to help virtually staff the CDF booth. The minimum  requirement is 1 hour of your time. If you are interested in helping please sign up here!  (DEADLINE: June 19, 2020).

And we also have the option to sponsor live stream 1 hr session - send me an email if you're interested! 

Any CDF members (all tiers) that volunteer -  we are also asking them to provide the following marketing collateral from their companies. This is an opportunity to speak about your company's technology and represent the CDF & its projects all in one place. The collateral will be available for attendees who stop by the booth to download. Please provide in PDF format by DEADLINE: June 19, 2020 & send to jsalinas@....
  • Case studies 
  • White papers
  • Data sheets
  • Infographics 
  • Swag
We are seeking technical folks who can speak about the following projects: 
  • Spinnaker
  • Tekton
  • Screwdriver 
  • Jenkins 
  • Jenkins X
  • CI/CD & DevOps general topics
We are also seeking volunteers from the Governing Board, TOC, and Ambassador program to help represent the CDF and speak to its initiatives. If you have any questions, feel free to reach out to me. Thanks! 

Jacqueline Salinas 
Continuous Delivery Foundation
Director of Ecosystem & Community
408 218 0667




{MEMBER BENEFIT OPPTY} Call for volunteers & content for CDF booth @ JFrog's swampUP Day Online, June 30 & July 1 (EMEA/APAC GMT+1)

Jacque Salinas
 

Hello CDF Members, Ambassadors, et Community, 

CDF is sponsoring a booth at the JFrog swampUP 2020 Online on June 30, 2020 and July 1, 2020 from 9am - 4pm GMT+1 time zone. 

We are seeking volunteers to help virtually staff the CDF booth. The minimum  requirement is 1 hour of your time. If you are interested in helping please sign up here!  (DEADLINE: June 22, 2020).

And we also have the option to sponsor live stream 1 hr session - send me an email if you're interested! 

Any CDF members (all tiers) that volunteer -  we are also asking them to provide the following marketing collateral from their companies. This is an opportunity to speak about your company's technology and represent the CDF & its projects all in one place. The collateral will be available for attendees who stop by the booth to download. Please provide in PDF format by DEADLINE: June 19, 2020 & send to jsalinas@....
  • Case studies 
  • White papers
  • Data sheets
  • Infographics 
  • Swag
We are seeking technical folks who can speak about the following projects: 
  • Spinnaker
  • Tekton
  • Screwdriver 
  • Jenkins 
  • Jenkins X
  • CI/CD & DevOps general topics
We are also seeking volunteers from the Governing Board, TOC, and Ambassador program to help represent the CDF and speak to its initiatives. If you have any questions, feel free to reach out to me. Thanks! 


Jacqueline Salinas 
Continuous Delivery Foundation
Director of Ecosystem & Community
408 218 0667




{MEMBER BENEFIT OPPTY} Call for volunteers & content for CDF booth @ JFrog's swampUP Day Online, July 23-24 (Americas GMT 7 time zone)

Jacque Salinas
 

Hello CDF Members, Ambassadors, et Community, 

CDF is sponsoring a booth at the JFrog swampUP 2020 Online on June 23, 2020 and June 24th from 9am - 4pm PDT time. 

We are seeking volunteers to help virtually staff the CDF booth. The minimum  requirement is 1 hour of your time. If you are interested in helping please sign up here!  (DEADLINE: June 19, 2020).

And we also have the option to sponsor live stream 1 hr session - send me an email if you're interested! 

Any CDF members (all tiers) that volunteer -  we are also asking them to provide the following marketing collateral from their companies. This is an opportunity to speak about your company's technology and represent the CDF & its projects all in one place. The collateral will be available for attendees who stop by the booth to download. Please provide in PDF format by DEADLINE: June 19, 2020 & send to jsalinas@....
  • Case studies 
  • White papers
  • Data sheets
  • Infographics 
  • Swag
We are seeking technical folks who can speak about the following projects: 
  • Spinnaker
  • Tekton
  • Screwdriver 
  • Jenkins 
  • Jenkins X
  • CI/CD & DevOps general topics
We are also seeking volunteers from the Governing Board, TOC, and Ambassador program to help represent the CDF and speak to its initiatives. If you have any questions, feel free to reach out to me. Thanks! 

Jacqueline Salinas 
Continuous Delivery Foundation
Director of Ecosystem & Community
408 218 0667



421 - 440 of 858