Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update the roadmap and vision to reflect the current state #1719

Merged
merged 1 commit into from
Oct 11, 2021
Merged

Update the roadmap and vision to reflect the current state #1719

merged 1 commit into from
Oct 11, 2021

Conversation

saschagrunert
Copy link
Member

@saschagrunert saschagrunert commented Oct 5, 2021
edited
Loading

What type of PR is this:

/kind documentation

What this PR does / why we need it:

  • Added SLSA compliance deliverable
  • Use a new section Done Deliverables for closed topics.
  • Remove the status tracking at the end.

Which issue(s) this PR fixes:

None

Special notes for your reviewer:

We should send out a note to the mailing list after this has been done.

@k8s-ci-robot k8s-ci-robot added kind/documentation Categorizes issue or PR as related to documentation. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. needs-priority size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Oct 5, 2021
@k8s-ci-robot k8s-ci-robot added sig/release Categorizes an issue or PR as relevant to SIG Release. approved Indicates a PR has been approved by an approver from all required OWNERS files. labels Oct 5, 2021
justaugustus
justaugustus requested changes Oct 7, 2021
View reviewed changes
Copy link
Member

@justaugustus justaugustus left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@saschagrunert -- Thanks for the updates!

One thing I think worth calling out (in "Known Risks" maybe) is that the SLSA framework is in earlier stages and changes to it can/may affect some of the direction of roadmap items.

Additionally, that we intend to partner and provide feedback on the framework.
With that in mind, it may be worth editing "fully SLSA-compliant" to less restrictive phrasing?

@PushkarJ
Copy link
Member

PushkarJ commented Oct 7, 2021

Great to see this !! Speaking on behalf of SIG Security Friends, we look forward to helping SIG Release get towards SLSA compliance with code and non-code contributions :) cc @puerco

Personally, I am very interested in 5 and 9 deliverables ✨

@justaugustus
Copy link
Member

/priority important-soon
/hold for additional reviews from @kubernetes/sig-release-leads (and addressing feedback)

@k8s-ci-robot k8s-ci-robot added do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release. and removed needs-priority labels Oct 7, 2021
@saschagrunert
Update the roadmap and vision to reflect the current state
f62149d 
- Added SLSA compliance deliverable
- Use a new section `Done Deliverables` for closed topics.
- Remove the status tracking at the end.

Signed-off-by: Sascha Grunert <[email protected]>
@saschagrunert
Copy link
Member Author

Rephrased the SLSA topic and added the known risk. ✔️

@dims
Copy link
Member

dims commented Oct 8, 2021

@saschagrunert repeating the question @lachie83 asked on slack here - https://kubernetes.slack.com/archives/C2C40FMNF/p1633713488372400?thread_ts=1633618860.356500&cid=C2C40FMNF

Are you raising KEPs for these deliverables? It looks like a lot of them should require a KEP.

Looks like @PushkarJ thinks @kubernetes/sig-security may be interested as well?

@reylejano
Copy link
Member

Adding on to @dims comment, I understand this is a SIG Release roadmap so this may not be applicable, do we want to mention efforts from @PushkarJ and sig-security-tooling e.g. Go vulndb, snyk scanning which are tracked in umbrella issue kubernetes/sig-security#3

@justaugustus
Copy link
Member

@saschagrunert repeating the question @lachie83 asked on slack here - https://kubernetes.slack.com/archives/C2C40FMNF/p1633713488372400?thread_ts=1633618860.356500&cid=C2C40FMNF

Are you raising KEPs for these deliverables? It looks like a lot of them should require a KEP.

Looks like @PushkarJ thinks @kubernetes/sig-security may be interested as well?

Absolutely! We'll be working on tying all of the threads together with KEPs post-KubeCon.
We'll rope in participating SIGs as those drafts get opened. :)

@justaugustus justaugustus mentioned this pull request Oct 11, 2021
Closed
@justaugustus
Copy link
Member

Absolutely! We'll be working on tying all of the threads together with KEPs post-KubeCon. We'll rope in participating SIGs as those drafts get opened. :)

Opened this issue to track: #1724

Adding on to @dims comment, I understand this is a SIG Release roadmap so this may not be applicable, do we want to mention efforts from @PushkarJ and sig-security-tooling e.g. Go vulndb, snyk scanning which are tracked in umbrella issue kubernetes/sig-security#3

@reylejano -- Let's mention those as necessary in the relevant KEPs, but leave them off of the roadmap until needed (since we're not the owning SIG).

justaugustus
justaugustus approved these changes Oct 11, 2021
View reviewed changes
Copy link
Member

@justaugustus justaugustus left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the tweaks, @saschagrunert!
/hold cancel

@k8s-ci-robot k8s-ci-robot added lgtm "Looks good to me", indicates that a PR is ready to be merged. and removed do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. labels Oct 11, 2021
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: justaugustus, saschagrunert

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:
  • OWNERS [justaugustus,saschagrunert]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot merged commit f11f43c into kubernetes:master Oct 11, 2021
@k8s-ci-robot k8s-ci-robot added this to the v1.23 milestone Oct 11, 2021
@saschagrunert saschagrunert deleted the roadmap-update branch October 11, 2021 07:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@justaugustus justaugustus justaugustus approved these changes

@jeremyrickard jeremyrickard Awaiting requested review from jeremyrickard

@onlydole onlydole Awaiting requested review from onlydole

Assignees

@justaugustus justaugustus

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/documentation Categorizes issue or PR as related to documentation. lgtm "Looks good to me", indicates that a PR is ready to be merged. priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release. sig/release Categorizes an issue or PR as relevant to SIG Release. size/M Denotes a PR that changes 30-99 lines, ignoring generated files.
Projects
None yet
Milestone
v1.23
Development

Successfully merging this pull request may close these issues.
6 participants
@saschagrunert @PushkarJ @justaugustus @dims @reylejano @k8s-ci-robot