-
Notifications
You must be signed in to change notification settings - Fork 492
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Presentation] cert-manager Graduation Overview #1254
Comments
Hi @SgtCoDFish, sounds great! EMEA meetings are currently free for the next few weeks, please choose a time in the meeting document. As part of the graduation in cncf/toc#1306 we can support you in the The cert-manager incubation due diligence document from a couple of years ago might be useful as a baseline to support the graduation documents too. Any questions please ask, we're here to help 🙏 |
Thanks very much for the quick reply 😁 I've put us in for 2024-05-22 and we'll prepare for then!
That sounds great, thank you for pointing to that because I'd been meaning to investigate it! I guess there's nothing stopping us getting started with the self-assessment now (before the 22nd), right? |
Absolutely! And if you share the doc link for public comment we can support async before the 22nd too 🙏 |
Hey, here is the self-assessment doc: https://hackmd.io/_e-m6hnzRzqsosUv3aG60A?view. I'm struggling and need help with the subsections "Actors" and "Actions". Are the actors the same as in the security audit report: cert-manager contributors, untrusted users outside of cluster, limited privilege cluster users, cert-manager maintainers, third-party contributors, third-party maintainers? Let me know if you are available on the Kubernetes Slack. |
hi @maelvls , thanks for sharing the self-assessment doc. The self-assessment guide describes actors as "the individual parts of your system that interact to provide the desired functionality", so I would consider them as the different components of cert-manager rather than the threat actors. Actions then should delineate which interactions exist between the actors. I am available on the CNCF Slack |
Thanks for having us on the EMEA meeting today! I'm taking away the following actions:
I'll comment on this issue when I've done those. I'll also update the graduation application to reflect the meeting and self assessment! |
Here's the Google doc for our self-assesment - the above HackMD can now be ignored! https://docs.google.com/document/d/1Sl1SqYbPSbBMoZroBU8M1dMw5DN-uUgoR1KLHoo5tr0/edit?usp=sharing Anyone should be able to comment on it - any problems, let me know! |
Thanks for the quick update, I appreciate the effort! This makes it easy for interested TAG volunteers to provide feedback directly to the maintainers. I will have a look at the document myself in the next couple of days and hopefully provide any input or ask for clarifications. |
@SgtCoDFish thanks for the feedback on the self-assessment doc, I'm done with my review :) Once you are happy with the revised document, please feel free to raise a PR to this repository to include the self-assessment doc in Markdown format to the |
Thanks very much! I'll try to raise a PR soon 👍 |
Title: cert-manager Graudation Overview
Speakers:
Other attendees from the cert-manager project:
Description: An overview of what cert-manager is and does, mostly with the aim of facilitating connections, questions and input from tag-security. Related to (and required by) cert-manager's Graduation Application.
Time: 10 mins, with extra time after for questions if required.
Availability: European timezones preferred!
TO DO:
The text was updated successfully, but these errors were encountered: