Date   

Re: How are other projects signing releases?

Olivier Vernin
 

I would like to add some clarification, while the end goal is to effectively get a code signing certificates, the "tricky" part is to have a "verified" account on one of the many provider that exist in order to get a certificate.
During that account creation they ask various information to verify that the person who create the account really belong to the organization and has the right to proceed.
I think we won't be able to create that account as long as the jenkins trademark is not fully transfered to the Linux Foundation

Olivier

---
gpg --keyserver keys.gnupg.net --recv-key 52210D3D
---


On Thu, Oct 3, 2019, at 6:06 AM, Chris Aniszczyk wrote:
Hey Tyler, I re-opened the issue to do some more investigation on our end, I need a bit more detail on the legal concerns, before we find a creative solution.

Almost all projects go the GPG route (or through some package registry) so this may be a new case.

On Wed, Oct 2, 2019 at 10:20 PM R. Tyler Croy <rtyler@...> wrote:

Greetings from ye olde Jenkins projecte! My colleague in the Jenkins infra
project Olivier (olblak) has been working on automating our releases and the
issue of signing those releases has been a sticking point. This is especially
challenging for the Mac and Windows packages we distribute, which must be
signed with a certificate from a certificate authority (think Verisign, etc).
Our Linux packages in contrast can be signed with a GPG key we can generate
and distribute ourselves.

This ticket was opened by cra@
some misunderstanding about the specifics about our requirements.

When we tried this ourselves perviously and a certificate authority would _not_
issue us a certificate because "Jenkins" itself was/is not itself a legal
entity. My assumption was that the CDF, as a legitimate legal entity would be
able to broker a valid certificate on our behalf and that could be shoved into
our Azure Key Vault for signing of our releases. As you can see in the ticket,
there's reluctance to do so at the moment.

I'm wondering if any other projects have found a way to sign packages requiring
valid certificates in a way that I might be missing here. For example, if we
just purchased a normal cert for jenkins.io (as an example), and used that as a
code signing certificate, I'm not sure if that works in the Mac/Windows
ecosystem or if a certificate authority would go for it.

If there's not an approach I am be missing, and Dan's comments on the ticket
are correct in that the CDF would not at this time be able to acquire the code
signing certificate, then one of our initial motivations for Jenkins to move in
the foundation direction will have failed, and I'm not entirely certain how
we'll work around it. :-/


Looking forward to some ideas from the smart folks runnin' around here :)



Toodles
--

GPG Key ID: 0F2298A980EE31ACCA0A7825E5C92681BEF6CEA2





--
Chris Aniszczyk (@cra) | +1-512-961-6719


Re: How are other projects signing releases?

Chris Aniszczyk
 

Hey Tyler, I re-opened the issue to do some more investigation on our end, I need a bit more detail on the legal concerns, before we find a creative solution.

Almost all projects go the GPG route (or through some package registry) so this may be a new case.

On Wed, Oct 2, 2019 at 10:20 PM R. Tyler Croy <rtyler@...> wrote:

Greetings from ye olde Jenkins projecte! My colleague in the Jenkins infra
project Olivier (olblak) has been working on automating our releases and the
issue of signing those releases has been a sticking point. This is especially
challenging for the Mac and Windows packages we distribute, which must be
signed with a certificate from a certificate authority (think Verisign, etc).
Our Linux packages in contrast can be signed with a GPG key we can generate
and distribute ourselves.

This ticket was opened by cra@
(https://github.com/cdfoundation/foundation/issues/10) but I believe there was
some misunderstanding about the specifics about our requirements.

When we tried this ourselves perviously and a certificate authority would _not_
issue us a certificate because "Jenkins" itself was/is not itself a legal
entity. My assumption was that the CDF, as a legitimate legal entity would be
able to broker a valid certificate on our behalf and that could be shoved into
our Azure Key Vault for signing of our releases. As you can see in the ticket,
there's reluctance to do so at the moment.

I'm wondering if any other projects have found a way to sign packages requiring
valid certificates in a way that I might be missing here. For example, if we
just purchased a normal cert for jenkins.io (as an example), and used that as a
code signing certificate, I'm not sure if that works in the Mac/Windows
ecosystem or if a certificate authority would go for it.

If there's not an approach I am be missing, and Dan's comments on the ticket
are correct in that the CDF would not at this time be able to acquire the code
signing certificate, then one of our initial motivations for Jenkins to move in
the foundation direction will have failed, and I'm not entirely certain how
we'll work around it. :-/


Looking forward to some ideas from the smart folks runnin' around here :)



Toodles
--
GitHub:  https://github.com/rtyler

GPG Key ID: 0F2298A980EE31ACCA0A7825E5C92681BEF6CEA2





--
Chris Aniszczyk (@cra) | +1-512-961-6719


How are other projects signing releases?

R. Tyler Croy
 

Greetings from ye olde Jenkins projecte! My colleague in the Jenkins infra
project Olivier (olblak) has been working on automating our releases and the
issue of signing those releases has been a sticking point. This is especially
challenging for the Mac and Windows packages we distribute, which must be
signed with a certificate from a certificate authority (think Verisign, etc).
Our Linux packages in contrast can be signed with a GPG key we can generate
and distribute ourselves.

This ticket was opened by cra@
(https://github.com/cdfoundation/foundation/issues/10) but I believe there was
some misunderstanding about the specifics about our requirements.

When we tried this ourselves perviously and a certificate authority would _not_
issue us a certificate because "Jenkins" itself was/is not itself a legal
entity. My assumption was that the CDF, as a legitimate legal entity would be
able to broker a valid certificate on our behalf and that could be shoved into
our Azure Key Vault for signing of our releases. As you can see in the ticket,
there's reluctance to do so at the moment.

I'm wondering if any other projects have found a way to sign packages requiring
valid certificates in a way that I might be missing here. For example, if we
just purchased a normal cert for jenkins.io (as an example), and used that as a
code signing certificate, I'm not sure if that works in the Mac/Windows
ecosystem or if a certificate authority would go for it.

If there's not an approach I am be missing, and Dan's comments on the ticket
are correct in that the CDF would not at this time be able to acquire the code
signing certificate, then one of our initial motivations for Jenkins to move in
the foundation direction will have failed, and I'm not entirely certain how
we'll work around it. :-/


Looking forward to some ideas from the smart folks runnin' around here :)



Toodles
--
GitHub: https://github.com/rtyler

GPG Key ID: 0F2298A980EE31ACCA0A7825E5C92681BEF6CEA2


Re: Landscape draft ready for review by TOC

Dan Lopez <dlopez@...>
 

Reminder: if you are going to edit code, please create a pull request into /develop branch. The team will merge into master when develop passes review, test, and builds are clean.


Best
--
Dan Lopez
The Linux Foundation
+1 415.735.5881


On Thu, Sep 26, 2019 at 4:05 PM Dan Lopez via Lists.Cd.Foundation <dlopez=linuxfoundation.org@...> wrote:
Yes, lets do it all in github.


Please file issues and pull requests

--
Dan Lopez
The Linux Foundation
+1 415.735.5881


On Thu, Sep 26, 2019 at 3:02 PM Tara Hernandez via Lists.Cd.Foundation <tarahernandez=google.com@...> wrote:
seconded.  This is pretty slick, thanks for putting this together.

On Thu, Sep 26, 2019 at 2:59 PM Chris Aniszczyk <caniszczyk@...> wrote:
Let’s do it all on GitHub!

On Sep 27, 2019, at 5:54 AM, Michael Neale <mneale@...> wrote:


Thanks Tracy. How would you like feedback - as issues on the repo? PRs or email direct? 

On Fri, Sep 27, 2019 at 12:58 AM Tracy Ragan <tracy@...> wrote:
A draft of our CDF landscape is now available for your input. 
 
Please keep in mind the goal is to confirm the initial categories.  What I would like to see happen is the TOC review it, give me feedback on the categories and I will be happy to update it accordingly.  Once the categories are sorted out, we should allow the members to self-select which ones they fit in.  That being said, I did my best to add members where I thought they belonged and to make sure we had a least one solution represented in each category regardless if they are CDF members or not. (We can't have an empty category.)

Also, I had problems with Cycloid and DevOpsInstitute's Crunchbase listing so they are not listed.  I am working with them to get that sorted out.  I want to make sure our members are all listed under the member category for first release even if they are not listed in a category.

Please let me know by October 4th your input.  We would like to get this published on our website in short order.  

--
Kind Regards,

Tracy Ragan
CEO and Co-Founder / DeployHub / tel: + 1.505.424.6440/ mob: +1.505.780.0558

Follow us on: Blog / Twitter Facebook / LinkedIn / YouTube / GitHub
Where developers share and find microservices






--
Regards, 

Michael Neale
twitter: @michaelneale, skype: michael_d_neale
Cell: +61 423175597 (Australia)
Cofounder @ CloudBees



--
Tara Hernandez
Engineering Manager Google Cloud




Re: Landscape draft ready for review by TOC

Dan Lopez <dlopez@...>
 

Yes, lets do it all in github.


Please file issues and pull requests

--
Dan Lopez
The Linux Foundation
+1 415.735.5881


On Thu, Sep 26, 2019 at 3:02 PM Tara Hernandez via Lists.Cd.Foundation <tarahernandez=google.com@...> wrote:
seconded.  This is pretty slick, thanks for putting this together.

On Thu, Sep 26, 2019 at 2:59 PM Chris Aniszczyk <caniszczyk@...> wrote:
Let’s do it all on GitHub!

On Sep 27, 2019, at 5:54 AM, Michael Neale <mneale@...> wrote:


Thanks Tracy. How would you like feedback - as issues on the repo? PRs or email direct? 

On Fri, Sep 27, 2019 at 12:58 AM Tracy Ragan <tracy@...> wrote:
A draft of our CDF landscape is now available for your input. 
 
Please keep in mind the goal is to confirm the initial categories.  What I would like to see happen is the TOC review it, give me feedback on the categories and I will be happy to update it accordingly.  Once the categories are sorted out, we should allow the members to self-select which ones they fit in.  That being said, I did my best to add members where I thought they belonged and to make sure we had a least one solution represented in each category regardless if they are CDF members or not. (We can't have an empty category.)

Also, I had problems with Cycloid and DevOpsInstitute's Crunchbase listing so they are not listed.  I am working with them to get that sorted out.  I want to make sure our members are all listed under the member category for first release even if they are not listed in a category.

Please let me know by October 4th your input.  We would like to get this published on our website in short order.  

--
Kind Regards,

Tracy Ragan
CEO and Co-Founder / DeployHub / tel: + 1.505.424.6440/ mob: +1.505.780.0558

Follow us on: Blog / Twitter Facebook / LinkedIn / YouTube / GitHub
Where developers share and find microservices






--
Regards, 

Michael Neale
twitter: @michaelneale, skype: michael_d_neale
Cell: +61 423175597 (Australia)
Cofounder @ CloudBees



--
Tara Hernandez
Engineering Manager Google Cloud




Re: Landscape draft ready for review by TOC

Tara Hernandez
 

seconded.  This is pretty slick, thanks for putting this together.


On Thu, Sep 26, 2019 at 2:59 PM Chris Aniszczyk <caniszczyk@...> wrote:
Let’s do it all on GitHub!

On Sep 27, 2019, at 5:54 AM, Michael Neale <mneale@...> wrote:


Thanks Tracy. How would you like feedback - as issues on the repo? PRs or email direct? 

On Fri, Sep 27, 2019 at 12:58 AM Tracy Ragan <tracy@...> wrote:
A draft of our CDF landscape is now available for your input. 
 
Please keep in mind the goal is to confirm the initial categories.  What I would like to see happen is the TOC review it, give me feedback on the categories and I will be happy to update it accordingly.  Once the categories are sorted out, we should allow the members to self-select which ones they fit in.  That being said, I did my best to add members where I thought they belonged and to make sure we had a least one solution represented in each category regardless if they are CDF members or not. (We can't have an empty category.)

Also, I had problems with Cycloid and DevOpsInstitute's Crunchbase listing so they are not listed.  I am working with them to get that sorted out.  I want to make sure our members are all listed under the member category for first release even if they are not listed in a category.

Please let me know by October 4th your input.  We would like to get this published on our website in short order.  

--
Kind Regards,

Tracy Ragan
CEO and Co-Founder / DeployHub / tel: + 1.505.424.6440/ mob: +1.505.780.0558

Follow us on: Blog / Twitter Facebook / LinkedIn / YouTube / GitHub
Where developers share and find microservices






--
Regards, 

Michael Neale
twitter: @michaelneale, skype: michael_d_neale
Cell: +61 423175597 (Australia)
Cofounder @ CloudBees



--
Tara Hernandez
Engineering Manager Google Cloud




Re: Landscape draft ready for review by TOC

Chris Aniszczyk
 

Let’s do it all on GitHub!

On Sep 27, 2019, at 5:54 AM, Michael Neale <mneale@...> wrote:


Thanks Tracy. How would you like feedback - as issues on the repo? PRs or email direct? 

On Fri, Sep 27, 2019 at 12:58 AM Tracy Ragan <tracy@...> wrote:
A draft of our CDF landscape is now available for your input. 
 
Please keep in mind the goal is to confirm the initial categories.  What I would like to see happen is the TOC review it, give me feedback on the categories and I will be happy to update it accordingly.  Once the categories are sorted out, we should allow the members to self-select which ones they fit in.  That being said, I did my best to add members where I thought they belonged and to make sure we had a least one solution represented in each category regardless if they are CDF members or not. (We can't have an empty category.)

Also, I had problems with Cycloid and DevOpsInstitute's Crunchbase listing so they are not listed.  I am working with them to get that sorted out.  I want to make sure our members are all listed under the member category for first release even if they are not listed in a category.

Please let me know by October 4th your input.  We would like to get this published on our website in short order.  

--
Kind Regards,

Tracy Ragan
CEO and Co-Founder / DeployHub / tel: + 1.505.424.6440/ mob: +1.505.780.0558

Follow us on: Blog / Twitter Facebook / LinkedIn / YouTube / GitHub
Where developers share and find microservices






--
Regards, 

Michael Neale
twitter: @michaelneale, skype: michael_d_neale
Cell: +61 423175597 (Australia)
Cofounder @ CloudBees


Re: Landscape draft ready for review by TOC

Michael Neale
 

Thanks Tracy. How would you like feedback - as issues on the repo? PRs or email direct? 


On Fri, Sep 27, 2019 at 12:58 AM Tracy Ragan <tracy@...> wrote:
A draft of our CDF landscape is now available for your input. 
 
Please keep in mind the goal is to confirm the initial categories.  What I would like to see happen is the TOC review it, give me feedback on the categories and I will be happy to update it accordingly.  Once the categories are sorted out, we should allow the members to self-select which ones they fit in.  That being said, I did my best to add members where I thought they belonged and to make sure we had a least one solution represented in each category regardless if they are CDF members or not. (We can't have an empty category.)

Also, I had problems with Cycloid and DevOpsInstitute's Crunchbase listing so they are not listed.  I am working with them to get that sorted out.  I want to make sure our members are all listed under the member category for first release even if they are not listed in a category.

Please let me know by October 4th your input.  We would like to get this published on our website in short order.  

--
Kind Regards,

Tracy Ragan
CEO and Co-Founder / DeployHub / tel: + 1.505.424.6440/ mob: +1.505.780.0558

Follow us on: Blog / Twitter Facebook / LinkedIn / YouTube / GitHub
Where developers share and find microservices






--
Regards, 

Michael Neale
twitter: @michaelneale, skype: michael_d_neale
Cell: +61 423175597 (Australia)
Cofounder @ CloudBees


Re: Security SIG Update

Fred Blaise
 

Thanks Dan :)

Would you mind just renaming the Drive folder to something more explicit like "CDF Security SIG"? 

Cheers,
fred


Re: Supporting China based contributors for TOC meetings

Tara Hernandez
 

"Awesome"

:/

Guess we'll just have to play it by ear if we get somebody from behind the GFW who wants to join in...

On Wed, Sep 25, 2019 at 2:20 PM Raymond Paik via Lists.Cd.Foundation <rpaik=gitlab.com@...> wrote:
FYI. Someone forwarded this article to me recently.


I don't have a direct first hand account from PRC on any issues with Zoom there. However, most developers find ways around restrictions and I've seen this with other conferencing tools like WebEx, Go-To-Meeting, etc. 

On Mon, Sep 23, 2019 at 10:35 PM Tara Hernandez via Lists.Cd.Foundation <tarahernandez=google.com@...> wrote:
Hey folks, me again - unfortunately I will have to miss tomorrow's meeting due to a work conflict but please let me know if there's thoughts on whether or not people think the docs -> GitHub mechanism is fine or if anyone wants to propose another option.

-Tara

On Wed, Sep 18, 2019, 5:00 PM Rick <linuxsuren@...> wrote:
So glad to know that web client for zoom is not blocked. I thought the zoom already be blocked totally. Anyway, using zoom sounds like a good idea.

On Thu, Sep 19, 2019 at 4:25 AM Ramin Akhbari via Lists.Cd.Foundation <rakhbari=ebay.com@...> wrote:

My 2-cents… Switching to Skype would most definitely be equivalent to “Jumping out of the frying pan and into the fire” type situation. My personal experience with Skype has been far sub-par over the last 3-4 years and there’s no indication it’s improving in any way. I highly recommend either Zoom or paid Slack (if CDF can afford it).

 

Cheers,

Ramin

 

 

From: cdf-toc@... <cdf-toc@...> On Behalf Of Tara Hernandez via Lists.Cd.Foundation
Sent: Wednesday, September 18, 2019 1:23 PM
To: cdf-toc@...
Subject: Re: [cdf-toc] Supporting China based contributors for TOC meetings

 

Ah good to know on Zoom -- from comments in the last meeting it sounded like it might not work.

 

We can also certainly discuss if we want to switch editors, but thanks for indicating the github solution is known to be a legit one.

 

Cheers!

-Tara

 

On Wed, Sep 18, 2019 at 11:56 AM Chris Aniszczyk <caniszczyk@...> wrote:

Zoom isn't blocked in China yet, there's special instructions:

 

Users in China can access the Zoom web client at https://www.zoomus.cn/webclient/join. Please enter the meeting ID to join the meeting.
Example URL: http://zoomus.cn/webclient/123456789/join

 

For meeting notes, some projects in the LF use hackmd.io to collaborate and then dump that to the github repo post meeting

 

 

 

On Wed, Sep 18, 2019 at 1:53 PM Tara Hernandez via Lists.Cd.Foundation <tarahernandez=google.com@...> wrote:

Hey folks, attempting to close out my action items from the last meeting.

 

It continues to look like github is our best bet for the meetings notes.  I'm not finding anything else that's reliably available everywhere that really inspires, and this way it can be centralized to our TOC repo.

 

The downside to this of course is that we lose the shared editing during the meeting, so another possibility is that we publish the meetings notes to github once the meeting is complete but that we continue to use Docs during the meeting itself so most folks have the ability to amend, comment, etc.   I've tested a pretty straightforward way to do a publish that would support this model and you can see the results here:

 

 

I was also looking around at possible non-zoom chat options, and Skype and WeChat seem to be the most legit options (there's another one called Pinngle but all the reviews ultimately seem to be self-sourced by one guy out of the Ukraine so I'm not feeling awesome about it).  Comments on Skype seem to indicate that from China you're redirected to download the Chinese version so it's recommended to VPN your way to a better source, but regardless there can be quality issues.  The consensus for Wechat is that it's not ready for primetime outside of China yet (though inside of course it is King).

 

I suspect most people already knew all of this, but I guess I'm wondering out loud if we ultimately feel we can realistically support real time voice chat participation in China or similarly censored countries at this time?

 

Anyway, talk to you Tuesday!

 

-Tara

 

--

Tara Hernandez

Engineering Manager Google Cloud

 

 


 

--

Chris Aniszczyk (@cra) | +1-512-961-6719


 

--

Tara Hernandez

Engineering Manager Google Cloud

 

 



--



--
Tara Hernandez
Engineering Manager Google Cloud




Re: Supporting China based contributors for TOC meetings

Raymond Paik <rpaik@...>
 

FYI. Someone forwarded this article to me recently.


I don't have a direct first hand account from PRC on any issues with Zoom there. However, most developers find ways around restrictions and I've seen this with other conferencing tools like WebEx, Go-To-Meeting, etc. 

On Mon, Sep 23, 2019 at 10:35 PM Tara Hernandez via Lists.Cd.Foundation <tarahernandez=google.com@...> wrote:
Hey folks, me again - unfortunately I will have to miss tomorrow's meeting due to a work conflict but please let me know if there's thoughts on whether or not people think the docs -> GitHub mechanism is fine or if anyone wants to propose another option.

-Tara

On Wed, Sep 18, 2019, 5:00 PM Rick <linuxsuren@...> wrote:
So glad to know that web client for zoom is not blocked. I thought the zoom already be blocked totally. Anyway, using zoom sounds like a good idea.

On Thu, Sep 19, 2019 at 4:25 AM Ramin Akhbari via Lists.Cd.Foundation <rakhbari=ebay.com@...> wrote:

My 2-cents… Switching to Skype would most definitely be equivalent to “Jumping out of the frying pan and into the fire” type situation. My personal experience with Skype has been far sub-par over the last 3-4 years and there’s no indication it’s improving in any way. I highly recommend either Zoom or paid Slack (if CDF can afford it).

 

Cheers,

Ramin

 

 

From: cdf-toc@... <cdf-toc@...> On Behalf Of Tara Hernandez via Lists.Cd.Foundation
Sent: Wednesday, September 18, 2019 1:23 PM
To: cdf-toc@...
Subject: Re: [cdf-toc] Supporting China based contributors for TOC meetings

 

Ah good to know on Zoom -- from comments in the last meeting it sounded like it might not work.

 

We can also certainly discuss if we want to switch editors, but thanks for indicating the github solution is known to be a legit one.

 

Cheers!

-Tara

 

On Wed, Sep 18, 2019 at 11:56 AM Chris Aniszczyk <caniszczyk@...> wrote:

Zoom isn't blocked in China yet, there's special instructions:

 

Users in China can access the Zoom web client at https://www.zoomus.cn/webclient/join. Please enter the meeting ID to join the meeting.
Example URL: http://zoomus.cn/webclient/123456789/join

 

For meeting notes, some projects in the LF use hackmd.io to collaborate and then dump that to the github repo post meeting

 

 

 

On Wed, Sep 18, 2019 at 1:53 PM Tara Hernandez via Lists.Cd.Foundation <tarahernandez=google.com@...> wrote:

Hey folks, attempting to close out my action items from the last meeting.

 

It continues to look like github is our best bet for the meetings notes.  I'm not finding anything else that's reliably available everywhere that really inspires, and this way it can be centralized to our TOC repo.

 

The downside to this of course is that we lose the shared editing during the meeting, so another possibility is that we publish the meetings notes to github once the meeting is complete but that we continue to use Docs during the meeting itself so most folks have the ability to amend, comment, etc.   I've tested a pretty straightforward way to do a publish that would support this model and you can see the results here:

 

 

I was also looking around at possible non-zoom chat options, and Skype and WeChat seem to be the most legit options (there's another one called Pinngle but all the reviews ultimately seem to be self-sourced by one guy out of the Ukraine so I'm not feeling awesome about it).  Comments on Skype seem to indicate that from China you're redirected to download the Chinese version so it's recommended to VPN your way to a better source, but regardless there can be quality issues.  The consensus for Wechat is that it's not ready for primetime outside of China yet (though inside of course it is King).

 

I suspect most people already knew all of this, but I guess I'm wondering out loud if we ultimately feel we can realistically support real time voice chat participation in China or similarly censored countries at this time?

 

Anyway, talk to you Tuesday!

 

-Tara

 

--

Tara Hernandez

Engineering Manager Google Cloud

 

 


 

--

Chris Aniszczyk (@cra) | +1-512-961-6719


 

--

Tara Hernandez

Engineering Manager Google Cloud

 

 



--


Re: Security SIG Update

Kay Williams <kayw@...>
 

Thanks Dan!  Yes, please add the Security SIG calendar invite to the CDF public calendar.

 

From: cdf-toc@... <cdf-toc@...> On Behalf Of Dan Lopez via Lists.Cd.Foundation
Sent: Tuesday, September 24, 2019 4:15 PM
To: cdf-toc@...
Cc: Brian Russell <brianru@...>; Fred Blaise <fblaise@...>
Subject: Re: [cdf-toc] Security SIG Update

 

Hello All

 

The Security SIG is now supported with the following operational tech:

For those on the TOC list that would like to get the calendar invite, please let me know and I can add you. Also, please let me know if you would like this calendar invite more public and added to the CDF public calendar.

 

Best


--

Dan Lopez

The Linux Foundation

+1 415.735.5881

 

 

On Tue, Sep 24, 2019 at 6:53 AM Dan Lorenc via Lists.Cd.Foundation <dlorenc=google.com@...> wrote:

Thanks for the update! Once we get these setup it would be great to collect the calendar invites and times somewhere in https://github.com/cdfoundation/toc

 

Dan Lorenc

 

On Tue, Sep 24, 2019 at 8:26 AM Kay Williams via Lists.Cd.Foundation <kayw=microsoft.com@...> wrote:

Hey everyone, I wanted to share a quick update on the Security SIG:

 

  • We are making plans to hold our first bi-weekly meeting on Tuesday October 8 at 8:00 AM Pacific. These will be one hour ahead of the bi-weekly TOC meeting.
  • Dan Lopez is setting up a mailing list, calendar invite, zoom link, shared document space, etc.
  • I will send a welcome email and agenda to the TOC mailing list ahead of the meeting; everyone is welcome to attend.

 

Thoughts, questions? Please send to Brian, Fred (cc’d) and I.

 

Thanks!

Kay


Re: Security SIG Update

Dan Lopez <dlopez@...>
 

Hello All

The Security SIG is now supported with the following operational tech:
For those on the TOC list that would like to get the calendar invite, please let me know and I can add you. Also, please let me know if you would like this calendar invite more public and added to the CDF public calendar.

Best

--
Dan Lopez
The Linux Foundation
+1 415.735.5881


On Tue, Sep 24, 2019 at 6:53 AM Dan Lorenc via Lists.Cd.Foundation <dlorenc=google.com@...> wrote:
Thanks for the update! Once we get these setup it would be great to collect the calendar invites and times somewhere in https://github.com/cdfoundation/toc

Dan Lorenc

On Tue, Sep 24, 2019 at 8:26 AM Kay Williams via Lists.Cd.Foundation <kayw=microsoft.com@...> wrote:

Hey everyone, I wanted to share a quick update on the Security SIG:

 

  • We are making plans to hold our first bi-weekly meeting on Tuesday October 8 at 8:00 AM Pacific. These will be one hour ahead of the bi-weekly TOC meeting.
  • Dan Lopez is setting up a mailing list, calendar invite, zoom link, shared document space, etc.
  • I will send a welcome email and agenda to the TOC mailing list ahead of the meeting; everyone is welcome to attend.

 

Thoughts, questions? Please send to Brian, Fred (cc’d) and I.

 

Thanks!

Kay


Re: Security SIG Update

Dan Lorenc <dlorenc@...>
 

Thanks for the update! Once we get these setup it would be great to collect the calendar invites and times somewhere in https://github.com/cdfoundation/toc

Dan Lorenc

On Tue, Sep 24, 2019 at 8:26 AM Kay Williams via Lists.Cd.Foundation <kayw=microsoft.com@...> wrote:

Hey everyone, I wanted to share a quick update on the Security SIG:

 

  • We are making plans to hold our first bi-weekly meeting on Tuesday October 8 at 8:00 AM Pacific. These will be one hour ahead of the bi-weekly TOC meeting.
  • Dan Lopez is setting up a mailing list, calendar invite, zoom link, shared document space, etc.
  • I will send a welcome email and agenda to the TOC mailing list ahead of the meeting; everyone is welcome to attend.

 

Thoughts, questions? Please send to Brian, Fred (cc’d) and I.

 

Thanks!

Kay


Security SIG Update

Kay Williams <kayw@...>
 

Hey everyone, I wanted to share a quick update on the Security SIG:

 

  • We are making plans to hold our first bi-weekly meeting on Tuesday October 8 at 8:00 AM Pacific. These will be one hour ahead of the bi-weekly TOC meeting.
  • Dan Lopez is setting up a mailing list, calendar invite, zoom link, shared document space, etc.
  • I will send a welcome email and agenda to the TOC mailing list ahead of the meeting; everyone is welcome to attend.

 

Thoughts, questions? Please send to Brian, Fred (cc’d) and I.

 

Thanks!

Kay


Re: Supporting China based contributors for TOC meetings

Tara Hernandez
 

Hey folks, me again - unfortunately I will have to miss tomorrow's meeting due to a work conflict but please let me know if there's thoughts on whether or not people think the docs -> GitHub mechanism is fine or if anyone wants to propose another option.

-Tara

On Wed, Sep 18, 2019, 5:00 PM Rick <linuxsuren@...> wrote:
So glad to know that web client for zoom is not blocked. I thought the zoom already be blocked totally. Anyway, using zoom sounds like a good idea.

On Thu, Sep 19, 2019 at 4:25 AM Ramin Akhbari via Lists.Cd.Foundation <rakhbari=ebay.com@...> wrote:

My 2-cents… Switching to Skype would most definitely be equivalent to “Jumping out of the frying pan and into the fire” type situation. My personal experience with Skype has been far sub-par over the last 3-4 years and there’s no indication it’s improving in any way. I highly recommend either Zoom or paid Slack (if CDF can afford it).

 

Cheers,

Ramin

 

 

From: cdf-toc@... <cdf-toc@...> On Behalf Of Tara Hernandez via Lists.Cd.Foundation
Sent: Wednesday, September 18, 2019 1:23 PM
To: cdf-toc@...
Subject: Re: [cdf-toc] Supporting China based contributors for TOC meetings

 

Ah good to know on Zoom -- from comments in the last meeting it sounded like it might not work.

 

We can also certainly discuss if we want to switch editors, but thanks for indicating the github solution is known to be a legit one.

 

Cheers!

-Tara

 

On Wed, Sep 18, 2019 at 11:56 AM Chris Aniszczyk <caniszczyk@...> wrote:

Zoom isn't blocked in China yet, there's special instructions:

 

Users in China can access the Zoom web client at https://www.zoomus.cn/webclient/join. Please enter the meeting ID to join the meeting.
Example URL: http://zoomus.cn/webclient/123456789/join

 

For meeting notes, some projects in the LF use hackmd.io to collaborate and then dump that to the github repo post meeting

 

 

 

On Wed, Sep 18, 2019 at 1:53 PM Tara Hernandez via Lists.Cd.Foundation <tarahernandez=google.com@...> wrote:

Hey folks, attempting to close out my action items from the last meeting.

 

It continues to look like github is our best bet for the meetings notes.  I'm not finding anything else that's reliably available everywhere that really inspires, and this way it can be centralized to our TOC repo.

 

The downside to this of course is that we lose the shared editing during the meeting, so another possibility is that we publish the meetings notes to github once the meeting is complete but that we continue to use Docs during the meeting itself so most folks have the ability to amend, comment, etc.   I've tested a pretty straightforward way to do a publish that would support this model and you can see the results here:

 

 

I was also looking around at possible non-zoom chat options, and Skype and WeChat seem to be the most legit options (there's another one called Pinngle but all the reviews ultimately seem to be self-sourced by one guy out of the Ukraine so I'm not feeling awesome about it).  Comments on Skype seem to indicate that from China you're redirected to download the Chinese version so it's recommended to VPN your way to a better source, but regardless there can be quality issues.  The consensus for Wechat is that it's not ready for primetime outside of China yet (though inside of course it is King).

 

I suspect most people already knew all of this, but I guess I'm wondering out loud if we ultimately feel we can realistically support real time voice chat participation in China or similarly censored countries at this time?

 

Anyway, talk to you Tuesday!

 

-Tara

 

--

Tara Hernandez

Engineering Manager Google Cloud

 

 


 

--

Chris Aniszczyk (@cra) | +1-512-961-6719


 

--

Tara Hernandez

Engineering Manager Google Cloud

 

 



--


Re: Proposal: MLOps Sig

Tracy Miranda <tmiranda@...>
 

Hi Animesh,

Great - thanks for kicking this off.
I know a number of interested parties in this and will direct them to look at the PR and give feedback/help build it out.
Maybe also we can add to agenda for an upcoming TOC meeting.

Tracy 

On Wed, Sep 18, 2019 at 3:20 AM Animesh Singh <animation2007@...> wrote:
Hi All,

Would like to see the appetite in the community for an MLOps Sig. I am part of IBM, and participating heavily in Kubeflow community. I have created a straw-man proposal here, and based on the initial interest of the group, will do a formal PR and bring it back for vote!

https://github.com/cdfoundation/toc/issues/34

Thanks,
Animesh Singh


Re: Supporting China based contributors for TOC meetings

Rick
 

So glad to know that web client for zoom is not blocked. I thought the zoom already be blocked totally. Anyway, using zoom sounds like a good idea.


On Thu, Sep 19, 2019 at 4:25 AM Ramin Akhbari via Lists.Cd.Foundation <rakhbari=ebay.com@...> wrote:

My 2-cents… Switching to Skype would most definitely be equivalent to “Jumping out of the frying pan and into the fire” type situation. My personal experience with Skype has been far sub-par over the last 3-4 years and there’s no indication it’s improving in any way. I highly recommend either Zoom or paid Slack (if CDF can afford it).

 

Cheers,

Ramin

 

 

From: cdf-toc@... <cdf-toc@...> On Behalf Of Tara Hernandez via Lists.Cd.Foundation
Sent: Wednesday, September 18, 2019 1:23 PM
To: cdf-toc@...
Subject: Re: [cdf-toc] Supporting China based contributors for TOC meetings

 

Ah good to know on Zoom -- from comments in the last meeting it sounded like it might not work.

 

We can also certainly discuss if we want to switch editors, but thanks for indicating the github solution is known to be a legit one.

 

Cheers!

-Tara

 

On Wed, Sep 18, 2019 at 11:56 AM Chris Aniszczyk <caniszczyk@...> wrote:

Zoom isn't blocked in China yet, there's special instructions:

 

Users in China can access the Zoom web client at https://www.zoomus.cn/webclient/join. Please enter the meeting ID to join the meeting.
Example URL: http://zoomus.cn/webclient/123456789/join

 

For meeting notes, some projects in the LF use hackmd.io to collaborate and then dump that to the github repo post meeting

 

 

 

On Wed, Sep 18, 2019 at 1:53 PM Tara Hernandez via Lists.Cd.Foundation <tarahernandez=google.com@...> wrote:

Hey folks, attempting to close out my action items from the last meeting.

 

It continues to look like github is our best bet for the meetings notes.  I'm not finding anything else that's reliably available everywhere that really inspires, and this way it can be centralized to our TOC repo.

 

The downside to this of course is that we lose the shared editing during the meeting, so another possibility is that we publish the meetings notes to github once the meeting is complete but that we continue to use Docs during the meeting itself so most folks have the ability to amend, comment, etc.   I've tested a pretty straightforward way to do a publish that would support this model and you can see the results here:

 

 

I was also looking around at possible non-zoom chat options, and Skype and WeChat seem to be the most legit options (there's another one called Pinngle but all the reviews ultimately seem to be self-sourced by one guy out of the Ukraine so I'm not feeling awesome about it).  Comments on Skype seem to indicate that from China you're redirected to download the Chinese version so it's recommended to VPN your way to a better source, but regardless there can be quality issues.  The consensus for Wechat is that it's not ready for primetime outside of China yet (though inside of course it is King).

 

I suspect most people already knew all of this, but I guess I'm wondering out loud if we ultimately feel we can realistically support real time voice chat participation in China or similarly censored countries at this time?

 

Anyway, talk to you Tuesday!

 

-Tara

 

--

Tara Hernandez

Engineering Manager Google Cloud

 

 


 

--

Chris Aniszczyk (@cra) | +1-512-961-6719


 

--

Tara Hernandez

Engineering Manager Google Cloud

 

 




Re: Supporting China based contributors for TOC meetings

Ramin Akhbari
 

My 2-cents… Switching to Skype would most definitely be equivalent to “Jumping out of the frying pan and into the fire” type situation. My personal experience with Skype has been far sub-par over the last 3-4 years and there’s no indication it’s improving in any way. I highly recommend either Zoom or paid Slack (if CDF can afford it).

 

Cheers,

Ramin

 

 

From: cdf-toc@... <cdf-toc@...> On Behalf Of Tara Hernandez via Lists.Cd.Foundation
Sent: Wednesday, September 18, 2019 1:23 PM
To: cdf-toc@...
Subject: Re: [cdf-toc] Supporting China based contributors for TOC meetings

 

Ah good to know on Zoom -- from comments in the last meeting it sounded like it might not work.

 

We can also certainly discuss if we want to switch editors, but thanks for indicating the github solution is known to be a legit one.

 

Cheers!

-Tara

 

On Wed, Sep 18, 2019 at 11:56 AM Chris Aniszczyk <caniszczyk@...> wrote:

Zoom isn't blocked in China yet, there's special instructions:

 

Users in China can access the Zoom web client at https://www.zoomus.cn/webclient/join. Please enter the meeting ID to join the meeting.
Example URL: http://zoomus.cn/webclient/123456789/join

 

For meeting notes, some projects in the LF use hackmd.io to collaborate and then dump that to the github repo post meeting

 

 

 

On Wed, Sep 18, 2019 at 1:53 PM Tara Hernandez via Lists.Cd.Foundation <tarahernandez=google.com@...> wrote:

Hey folks, attempting to close out my action items from the last meeting.

 

It continues to look like github is our best bet for the meetings notes.  I'm not finding anything else that's reliably available everywhere that really inspires, and this way it can be centralized to our TOC repo.

 

The downside to this of course is that we lose the shared editing during the meeting, so another possibility is that we publish the meetings notes to github once the meeting is complete but that we continue to use Docs during the meeting itself so most folks have the ability to amend, comment, etc.   I've tested a pretty straightforward way to do a publish that would support this model and you can see the results here:

 

 

I was also looking around at possible non-zoom chat options, and Skype and WeChat seem to be the most legit options (there's another one called Pinngle but all the reviews ultimately seem to be self-sourced by one guy out of the Ukraine so I'm not feeling awesome about it).  Comments on Skype seem to indicate that from China you're redirected to download the Chinese version so it's recommended to VPN your way to a better source, but regardless there can be quality issues.  The consensus for Wechat is that it's not ready for primetime outside of China yet (though inside of course it is King).

 

I suspect most people already knew all of this, but I guess I'm wondering out loud if we ultimately feel we can realistically support real time voice chat participation in China or similarly censored countries at this time?

 

Anyway, talk to you Tuesday!

 

-Tara

 

--

Tara Hernandez

Engineering Manager Google Cloud

 

 


 

--

Chris Aniszczyk (@cra) | +1-512-961-6719


 

--

Tara Hernandez

Engineering Manager Google Cloud

 

 


Re: Supporting China based contributors for TOC meetings

Tara Hernandez
 

Ah good to know on Zoom -- from comments in the last meeting it sounded like it might not work.

We can also certainly discuss if we want to switch editors, but thanks for indicating the github solution is known to be a legit one.

Cheers!
-Tara

On Wed, Sep 18, 2019 at 11:56 AM Chris Aniszczyk <caniszczyk@...> wrote:
Zoom isn't blocked in China yet, there's special instructions:

Users in China can access the Zoom web client at https://www.zoomus.cn/webclient/join. Please enter the meeting ID to join the meeting.
Example URL: http://zoomus.cn/webclient/123456789/join

For meeting notes, some projects in the LF use hackmd.io to collaborate and then dump that to the github repo post meeting



On Wed, Sep 18, 2019 at 1:53 PM Tara Hernandez via Lists.Cd.Foundation <tarahernandez=google.com@...> wrote:
Hey folks, attempting to close out my action items from the last meeting.

It continues to look like github is our best bet for the meetings notes.  I'm not finding anything else that's reliably available everywhere that really inspires, and this way it can be centralized to our TOC repo.

The downside to this of course is that we lose the shared editing during the meeting, so another possibility is that we publish the meetings notes to github once the meeting is complete but that we continue to use Docs during the meeting itself so most folks have the ability to amend, comment, etc.   I've tested a pretty straightforward way to do a publish that would support this model and you can see the results here:


I was also looking around at possible non-zoom chat options, and Skype and WeChat seem to be the most legit options (there's another one called Pinngle but all the reviews ultimately seem to be self-sourced by one guy out of the Ukraine so I'm not feeling awesome about it).  Comments on Skype seem to indicate that from China you're redirected to download the Chinese version so it's recommended to VPN your way to a better source, but regardless there can be quality issues.  The consensus for Wechat is that it's not ready for primetime outside of China yet (though inside of course it is King).

I suspect most people already knew all of this, but I guess I'm wondering out loud if we ultimately feel we can realistically support real time voice chat participation in China or similarly censored countries at this time?

Anyway, talk to you Tuesday!

-Tara

--
Tara Hernandez
Engineering Manager Google Cloud





--
Chris Aniszczyk (@cra) | +1-512-961-6719



--
Tara Hernandez
Engineering Manager Google Cloud