Review vendor neutrality guidelines

[craigbox]

Per the recommendations of the Moving Levels taskforce, these guidelines on vendor neutrality are now explicitly linked to by the TOC as requirements for a project to move to either Incubation or Graduation:

All project metadata and resources are vendor-neutral.
Governance clearly documents vendor-neutrality of project direction.

I would like to put these guidelines under some further scrutiny, and start discussion on some potential revisions.

Branding

There are no guidelines that require a project to have a substantially different branding from its contributing vendor. Branding similarity, often enforceable by trademarks, creates a strong association between a project and a vendor. I would like to see a requirement that a project have suitably different branding than the vendor that created it.

Communication

Favor

For projects, the key principle is that one company should not be favored over any other companies offering the same services. This means that each vendor should have fair representation and objective information should be provided by the project

I would like to add clarity on this point, especially regarding "the same services". As a project grows larger in scope, they may eventually consist of many different components. For example, the Argo project consists of ‎Workflows, CD, Rollouts and Events. It is feasible that only the company that originated the project is willing or able to support the entirety of the project. An automation vendor that wants to show they support Argo Events should not be restricted from being listed on the project site at all, simply because they choose not to support all four Argo projects; rather the expectation should be that anyone may be listed with an accurate representation of the services they choose to provide.

Competition

The CNCF charter talks about "vendor-neutral projects". There are many CNCF projects in the same space as each other, where a user would only reasonably adopt one.

The CNCF itself needs to be project-impartial, but a project should not have to be. I don't believe there should be guidance to compel projects to stop competing just because they happen to be in the CNCF.

Thus, two points here confuse me:

• Project blogs should keep other CNCF projects in a positive light
• Post/re-posts from project handles should not have content that disparages different vendors or CNCF projects

(This also does not address the common case where a contributor to a project or an employee of a vendor posts disparaging content on their on social medial feed.)

Website guidelines

The neutrality documentation refers to the CNCF guidelines for websites.

It is not clear that these guidelines apply to other sites, such as Slack redirectors and calendar/booking services.

Hosting

It is not clear that neutrality guidelines need be followed in presentations made on behalf of a project, such as webinars.

I would also like it made clear that a project may not share the contributing company's infrastructure, such as forums, mailing lists, calendars or YouTube channels; and discussion on if it is OK for a project to link to a vendor site for project case studies.

Enforcement

Today, this document (and the CNCF website document) are presented as guidelines. This leads even the most experienced of CNCF contributors to consider complying with them to be voluntary.

There are many cases where these guidelines are not being followed, whether deliberately or by way of oversight.

(There are many vendors who have violated the Linux Foundation trademark policies with the naming of their enterprise product. All the ones I know of have been fixed, but these violations were on the vendor's site, and not the project's site. It is hard to see how the CNCF has "jurisdiction" with a vendor outside of trademarks.)

They may now be reviewed at projects moving levels, or health checks afterwards, but there still remains scope for a vendor to violate the guidelines at the disadvantage of others.

• Who enforces compliance with these guidelines?
• What should happen if a project doesn't follow them?
• Who can issues be escalated to?

(I am not sure if the TOC considers this kind of work in-scope. )

[jberkus]

Hey, Craig. Looks like you have a lot of great feedback for improving the Vendor Neutrality guidelines. Could you submit a PR, or better a series of PRs, with these edits? Then we can review them and start the approval process.

Re: Enforcement, we'll need to query the TOC on how they want to handle reports of violations.