-
Notifications
You must be signed in to change notification settings - Fork 24
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Submit Buildpacks for Graduation consideration #247
Comments
Additional info from Emily Fox (CNCF TOC member): |
@hone any update regarding security audit request? |
@natalieparellano and I just finished the OSTIF security questionnaire. We should hear back from them in ~2 weeks on finding us a team to work with for the security audit. |
I just met with Quarkslab (and OSTIF) who will be doing our security audit. The first step will be building out the threat model. They'll reach out to us by the end of the week on what they've come up with for us to confirm. |
I've edited the original issue above to reflect the new changes to the graduation application requirements, per the TOC updates: https://github.com/cncf/toc/blob/main/process/README.md |
The purpose of this issue is to track tasks associated with getting Buildpacks for CNCF project graduation. The time it takes from opening a PR to final decision varies wildly and depends on what is uncovered in the review process, as you can see with Cilium taking nearly a year. But the average time seems to be 9 months.
Note: I've completely edited everything below to reflect the NEW application form as they just updated it within the last 2 weeks.
This template provides the project with a framework to inform the TOC of their conformance to the Graduation Level Criteria.
$PROJECT Graduation Application
v1.5
This template provides the project with a framework to inform the TOC of their conformance to the Graduation Level Criteria.
Project Repo(s): $URL
Project Site: $URL
Sub-Projects: $LIST
Communication: $SLACK
Project points of contacts: $NAME, $EMAIL
Graduation Criteria Summary for $PROJECT
Adoption Assertion
The project has been adopted by the following organizations in a testing and integration or production capacity:
Criteria
Application Process Principles
Suggested
N/A
Required
Completion of this due diligence document, resolution of concerns raised, and presented for public comment satisifies the Due Diligence Review criteria.
Governance and Maintainers
Note: this section may be augmented by the completion of a Governance Review from TAG Contributor Strategy.
Suggested
Required
Contributors and Community
Note: this section may be augmented by the completion of a Governance Review from TAG Contributor Strategy.
Suggested
Required
Engineering Principles
Document the project's release process and guidelines publicly in a RELEASES.md or equivalent file that defines:
Security
Note: this section may be augemented by a joint-assessment performed by TAG Security.
Suggested
Required
Third Party Security Review.
Ecosystem
Suggested
N/A
Required
The project provided the TOC with a list of adopters for verification of use of the project at the level expected, i.e. production use for graduation, dev/test for incubation.
Refer to the Adoption portion of this document.
Adoption
Adopter 1 - $COMPANY/$INDUSTRY
If the Adopting organization needs to remain anonymous, stating the industry vertical is sufficient.
MONTH YEAR
Adopter 2 - $COMPANY/$INDUSTRY
If the Adopting organization needs to remain anonymous, stating the industry vertical is sufficient.
MONTH YEAR
Adopter 3 - $COMPANY/$INDUSTRY
If the Adopting organization needs to remain anonymous, stating the industry vertical is sufficient.
MONTH YEAR
Projects moving from incubation to graduation are tracked here: https://github.com/orgs/cncf/projects/27/views/9
Once we've checked off all the above, we can fill out the Graduation Proposal and submit a PR. Example of a current project's PR in consideration (Falco): cncf/toc#956 and some that have been recently approved: cncf/toc#952 cncf/toc#1000
The text was updated successfully, but these errors were encountered: