Feedback on the new matriculation process #1293
Comments
|
Karena plans to check this out later this week. |
angellk
moved this from Ready for assignment
to Active Review & Discussion
in CNCF TOC Board
Thanks @craigbox - for this recommendation, the move to GitHub issues has been working overall. Recommend the current process continue since the moving levels process has been increasing in efficiency. Notably: the Sandbox board was cleared in the last Sandbox review and is set up for an efficient review in the February 25th meeting. The Incubating and Graduating queues have also increased in efficiency. |
@craigbox thank you! recommend opening a new issue for consolidating/de-duping the security requirements For all other items - recommend reviewing post-TAG Reboot (after KubeCon) and opening separate issues for outstanding items. Thanks again - hopefully you'll see recommendations incorporated within the new TOC changes. |
github-project-automation
bot
moved this from Active Review & Discussion
to Done
in CNCF TOC Board
I have migrated Kubescape's incubation application from November 2023 to the new format. Here is my feedback on the process, and things I would change. It relates only to the incubation criteria, but I expect the graduation to be largely the same.
Using GitHub issues
Having this content exist in a GitHub issue means it can only be edited by one person. There's no facility to comment on certain sections, have suggestions written in by others, or indeed to have more than one person make commits.
You also end up with one set of documents as MD files in a repo (for older projects), and one set in issues (from this point on).
Recommendation: move back to using PRs and files.
Template content
I don't understand why there is a section marked "Incubation Criteria Summary" at the top. The draft criteria starts with "Application Process Principles".
Recommendation: remove this section.
Mixing content which needs to be filled in by the project, with content which needs to be filled in by someone else, makes it hard to know when you're done. For example the "TAG insight" and "Due Diligence Review" sections under "Application Process Principles" are the responsibility of a TAG and the TOC, respectively.
Recommendation: have an appendix section at the end of the document where the response to this document from TAG, TOC or other review is noted, and have all checklist items be things the project is expected to assert.
"Document agreement that project will adopt CNCF Code of Conduct" should only be required at Sandbox and/or if a project joins directly at incubation.
I merged two headings in two cases, as one answer addressed both points:
Recommendation: merge these.
Having to document security procedures, perform a security self-assessment and achieve an OpenSSF Best Practices badge requires us to document the same data up to three times.
Recommendation: consider dropping one of the external requirements and/or not asking security questions in the template.
TAG & TOC interaction
There is a requirement to get TAG guidance; the format of what should be provided has not been standardised by the TAGs.
Other
I exercised my right to ignore everything marked "suggested".
The "new issue" screen has an option to "Explore Incubation Backlog". This is a link to a static project board last updated on Sep 2023, and is not the current dynamic project board. (That board lists both incubating and graduated projects.)
The text was updated successfully, but these errors were encountered: