[Presentation] cert-manager Graduation Overview #1254
Comments
SgtCoDFish
added
triage-required
|
Hi @SgtCoDFish, sounds great! EMEA meetings are currently free for the next few weeks, please choose a time in the meeting document. As part of the graduation in cncf/toc#1306 we can support you in the The cert-manager incubation due diligence document from a couple of years ago might be useful as a baseline to support the graduation documents too. Any questions please ask, we're here to help 🙏 |
|
Thanks very much for the quick reply 😁 I've put us in for 2024-05-22 and we'll prepare for then!
That sounds great, thank you for pointing to that because I'd been meaning to investigate it! I guess there's nothing stopping us getting started with the self-assessment now (before the 22nd), right? |
Absolutely! And if you share the doc link for public comment we can support async before the 22nd too 🙏 |
|
Hey, here is the self-assessment doc: https://hackmd.io/_e-m6hnzRzqsosUv3aG60A?view. I'm struggling and need help with the subsections "Actors" and "Actions". Are the actors the same as in the security audit report: cert-manager contributors, untrusted users outside of cluster, limited privilege cluster users, cert-manager maintainers, third-party contributors, third-party maintainers? Let me know if you are available on the Kubernetes Slack. |
|
hi @maelvls , thanks for sharing the self-assessment doc. The self-assessment guide describes actors as "the individual parts of your system that interact to provide the desired functionality", so I would consider them as the different components of cert-manager rather than the threat actors. Actions then should delineate which interactions exist between the actors. I am available on the CNCF Slack |
|
Thanks for having us on the EMEA meeting today! I'm taking away the following actions:
I'll comment on this issue when I've done those. I'll also update the graduation application to reflect the meeting and self assessment! |
|
Here's the Google doc for our self-assesment - the above HackMD can now be ignored! https://docs.google.com/document/d/1Sl1SqYbPSbBMoZroBU8M1dMw5DN-uUgoR1KLHoo5tr0/edit?usp=sharing Anyone should be able to comment on it - any problems, let me know! |
Thanks for the quick update, I appreciate the effort! This makes it easy for interested TAG volunteers to provide feedback directly to the maintainers. I will have a look at the document myself in the next couple of days and hopefully provide any input or ask for clarifications. |
|
@SgtCoDFish thanks for the feedback on the self-assessment doc, I'm done with my review :) Once you are happy with the revised document, please feel free to raise a PR to this repository to include the self-assessment doc in Markdown format to the |
|
Thanks very much! I'll try to raise a PR soon 👍 |
Title: cert-manager Graudation Overview
Speakers:
Other attendees from the cert-manager project:
Description: An overview of what cert-manager is and does, mostly with the aim of facilitating connections, questions and input from tag-security. Related to (and required by) cert-manager's Graduation Application.
Time: 10 mins, with extra time after for questions if required.
Availability: European timezones preferred!
TO DO:
The text was updated successfully, but these errors were encountered: