cdfoundation
/
toc
mirror of https://github.com/cdfoundation/toc
1
0
Fork 0
Code Issues Releases Wiki Activity
toc/docs/TOC_Meeting_Notes.md

78 KiB
Raw Permalink Blame History

CDF TOC Meeting Agenda

Logistics:

January 14, 2020:

December 17, 2019:

  • TOC Attendees:

    • Kohsuke Kawaguchi (Jenkins) [CHAIR] - not present

    • James Strachan (Jenkins X) - not present

    • Dan Lorenc (Tekton) - not present

    • Andy Glover (Spinnaker) - present

    • Tara Hernandez (Google) - present

    • Yoav Landman (JFrog) - not present

  • Other Attendees:

    • Dan Lopez (Linux Foundation)

    • Fatih Degirmenci (Ericsson Software Technology)

    • Kay Williams (Microsoft)

    • W. Watson - w.watson@vulk.coop (Vulk coop, cncf.ci, cnftestbed)

  • Agenda and Notes:

    • SIG-Security (Kay)

      • Resume biweekly meetings (post holidays) - Tuesday Jan 14, 8

        AM Pacific

      • Supply Chain Security/Compliance

{width="7.625in" height="2.2083333333333335in"}

Nov 19, 2019 :

  • TOC Attendees:

    • Kohsuke Kawaguchi (Jenkins) [CHAIR] - present

    • James Strachan (Jenkins X) - not present

    • Dan Lorenc (Tekton) - present

    • Andy Glover (Spinnaker) - present

    • Tara Hernandez (Google) - present

    • Yoav Landman (JFrog) - present

  • Other Attendees:

    • Fatih Degirmenci, Ericsson Software Technology

    • Alejandro Saucedo, Seldon / The Institute for Ethical AI &

      Machine Learning

    • Simon Kaegi, IBM

    • Katrin Runser

    • Kay Williams, SIG-Security, Microsoft

    • Kim Lewandowski, Google

    • Joel Friedman, Google

    • Jithin Emmanuel, Verizon Media

    • A

  • Agenda and Notes:

    • Recap of actions

      • Code signing certificate happened

        • Action: KK to ask Oleg to report back what they have and

          how other projects can join and use.

        • CDF will use Digicert as provider

        • New legal entity setup for code signing

    • Landscape

    • SIG-Security

    • Roadmap WG

      • Vote concluded

      • KK: need more people to join the brainstorming

      • KK: and then schedule the session

    • Screwdriver.cd vote

      • KK to send out one more reminder

      • Big change from the last time was the growth plan

      • Dan: Two TOC sponsors are missing

        • KK and Tara volunteered to sponsor

      • Kim: is there a doc that captures the process? Yes, at

        here but this is the first time so we are also debugging on the fly

    • CD Summit presentations

    • AOB?

      • Kim: wrt CDF program plan & goals, how are we supporting

        different projects?

        • We should have interview sessions to hear out projects.

          • Infra spend, code signing c

        • Kim: did we present devstats?

          • KK: I dont think so.

      • Jac: wed like to see annual report of what projects have

        delivered?

        • Goals are to help marketing and keep sponsors happy

        • Jac: Id love to hear where they need help [so that the

          rest of the org can rally around]

      • We want to have a closed-to-final version [of the annual

        report] within this year, to be published early next year

        • Kim: is there a version from CNCF that we can use as a

          reference? Yes

      • << Round table in-person intro >>

Nov 5, 2019 :

  • TOC Attendees:

    • Kohsuke Kawaguchi (Jenkins) [CHAIR] - present

    • James Strachan (Jenkins X) -

    • Dan Lorenc (Tekton) - present

    • Andy Glover (Spinnaker) -

    • Tara Hernandez (Google) - present

    • Yoav Landman (JFrog) -

  • Other Attendees:

    • Kay Williams (Microsoft)

    • Jacqueline Salinas (LF)

    • Dan Lopez (LF)

    • David Lai (Huawei)

    • Spencer Krum (IBM)

    • Matt Young (Puppet)

  • Agenda and Notes:

    • Recap of actions

      • Tara and DLz to propose a rotating call schedule

        • Tara: we kicked around a few ideas. Pending ack from

          DLz, which was given during the call. Itll come to the TOC list soon.

      • Kohsuke to initiate the telemetry review process for the

        Jenkins project

        • The main difference is opt-in/opt-out.

      • Kohsuke to ping James Strachan to check the status of

        Jenkins X wrt telemetry

        • KK: I did talk to others in the project, gave them a

          heads up, and confirmed that theres no collection today.

      • (CD summit NA meeting space): Jac to ping Emily to see if

        she can help with nearby hotels, etc.

        • DLz: looking hotels near the convention center. Will

          have a meeting tomorrow. Update will come afterward.

        • DLz: this will be Tue or Wed. Kay: I prefer Wed

    • Jac: CD summit

      • Weve asked volunteers to produce “pop up demos” from

        general members.

        • Weve only got DeployHub and Whitesource so far.

        • Please pass the words around, we want more.

        • Volunteer needs to provide all the equipment.

        • The idea is that if you have a booth at Kubecon and is

          willing to allocate some time in there to talk about the CDF/the ecosystem/etc, then Jac collects those and promote them.

    • SIGs, WGs

      • SIG-Security

        • SIG-Security meetings merged with SBOM meetings through

          end of the year

          • Kay: This will make attendance more convenient

        • Meetup at CD Summit / KubeCon?

          • Kay: venue is being planned. See above. Could be

            easily half day.

          • Agenda

            • Discuss overall Software Supply Chain framework

              • SBOM, Metadata Storage API, Update

                Framework, Policy Framework

              • SBOM, SPDX (software package data exchange —

                focus on license but itll be broadened), in-toto (currently under CNCF incubation) reconciliation

        • Software Bill of Materials (SBOM)

          • Working toward ISO Standard, hopefully in 2021. That

            road starts from OMG standard at the end of 2020.

            • Bob Martin from MITRE is helping with this

              journey

          • Draft specification

            • 11/11 Submission to OMG Architecture Board

          • New GitHub repo sig-security-sbom

        • DLz: this is really exciting!! When it gets more real

          happy to coordinate the PR activities

      • Roadmap WG

        • **ACTION: Kohsuke to send out an email to the TOC,

          hoping to get some +1s before we accept this.**

    • LF China

      • We have engaged LF China. Once the new Asia friendly TOC

        meeting time is chosen, DLz will give them a heads up

    • Screwdriver conversation

      • KK: updated the proposal with a link to the growth document

      • **ACTION: Kohsuke to call for a new round of votes and /

        Tara: +1**

        • Tara: I liked that they have inter-project engagement in

          there

      • DLz: New project incubation recruiting

        • Screwdriver coming in should help

        • DLz: we have 2-3 projects coming in.

    • DLz: Project Office Hours with CDF PM office

      • Have regular check-ins with project leadership periodically

        • Well start by understanding their needs first

        • Email was already sent to individual projects

      • I would also love to see inter-project collaboration picked

        up more at TOC

    • How do we hand-off the landscape maintenance?

      • Lets have this as a standing agenda in the TOC call

    • Code signing certificate of Jenkins

      • DLz: We have a new entity that can now obtain the key.

        ACTION: This will be coordinated this week.

    • See you in Kubecon!

Oct 22, 2019 :

  • TOC Attendees:

    • Kohsuke Kawaguchi (Jenkins) [CHAIR] - present

    • James Strachan (Jenkins X) - not present

    • Dan Lorenc (Tekton) - present

    • Andy Glover (Spinnaker) - present

    • Tara Hernandez (Google) - present

    • Yoav Landman (JFrog) - present

  • Other Attendees:

    • Dan Lopez (Linux Foundation)

    • Matt Young (Puppet)

    • Fatih Degirmenci (Ericsson Software Technology)

    • Jacqueline Salinas

    • Spencer Krum (IBM)

  • Agenda and Notes:

    • TOC Call to support APAC time zones (call for suggested times)

      • DLz: we just signed up Fujitsu (from Japan), and a few more

        people are asking for it

      • Tara: I was looking more into “engaging people behind the

        firewall”

      • A few people from Europe

      • Looks like we are looking into rotating the call

        • **ACTION: Tara and DLz to propose a rotating call

          schedule**

    • Telemetry policy

      https://www.linuxfoundation.org/telemetry-data-policy/

      • How about existing projects

        • DLz: The policy applies to all LF projects. No

          “grandfather” status.

        • DLz: “we want to be as flexible as possible” but

          suggests getting the review underway ASAP

        • Tara: I assume this has been driven by legal heat

        • **ACTION: Kohsuke to initiate the review process for the

          Jenkins project**

        • **ACTION: Kohsuke to add this to the TOC repo for

          blessing in the CDF**

      • Are there other projects that are collecting telemetry?

        • Andy: theres currently no telemetry collection

          happening in Spinnaker, theres an active conversation

        • DLc: nothing in Tekton

        • **ACTION: Kohsuke to ping James Strachan to check the

          status of Jenkins X**

    • Landscape

    • New Projects

      • Screwdriver.cd

        • Current status: they came back with the updated

          motivation doc.

          • **Next step: have Jiten update the proposal PR with

            this doc and call for a vote**

          • ACTION: Kohsuke to ping Jiten

      • new projects

        • DLz: Eiffel - they are asking how best to engage

        • DLz: Sonatype - Open discussions. KK/DLz need to get

          back to Brian @ Sonatype

        • Tara: I was at an event “Redeploy” (?) and met somebody

          from Netflix in the resiliency engineering and cooked a SIG idea. This conversation will happen this week. Andy knows him too

          • Andy: Resilience Engineering at Netflix is within

            Delivery Engineering (my org) and Im happy to make additional connections

    • SIGs, WGs

      • SIG-Security

        • DLc: update was sent to the TOC list. Look at that

        • Yoav: JFrog has some relevant stuff. DLc: Ido is

          involved

        • Tara: question — wrt security SIG, the expected outcome

          is a “specification” / BoM.

          • KK: would love to see the adoption of this in CDF

            projects

          • KK: as for Jenkins project, looking for contributors

            to drive the coding work forward

          • DLz: I recommend we start with “specifications”

            before we call it “standard”

      • SIG-MLOps

      • WG-Roadmap

        • KK: I need to move this forward. More PR massaging on

          wording to do.

    • Developer Ecosystem & Events

      • CDSummit NA updates

        • Jac: As of Oct 11, we are at 82 attendees registered. We

          are on track to sell out. Nice line up of sponsors to cover everything including lunch

        • Currently looking for cocktail hour sponsor. Need to

          find one till Oct 25th or there will be no booze!

          • One conversation in the mix, three more needed

          • $1500

          • Matt: Ill talk to my event people

        • DLc: what about meeting spaces during CD Summit NA?

          • DLz: CNCF informed me that the venue is

            fully booked.

          • **ACTION: Jac to ping Emily to see if she can help

            with nearby hotels, etc.**

      • Jac: We are rebranding Jenkins Area Meetup to CDF meetup

        • ?: how about pricing? Jac: we are pruning unused meetups

          to cut cost

        • Jac: we are giving them grace period to reboot till

          Jan 22.

      • Jac: we are organizing meetups in south bay & Israel with

        JFrog

      • Jac: DLc will represent CDF in upcoming Tokyo event

      • Webinar topics, call for participation

        • Jac: we are hoping to drive one webinar a month, will

          adjust based on the workload

        • DLz: there are some content queue lined up.

          • If you have content, go to Jac. Jac: Ill create a

            form and send a link.

      • Slack:

        https://join.slack.com/t/cdeliveryfdn/shared_invite/enQtNzk2OTgxNzY2NzkwLTQ3Zjg0OGJhZjdiMjlkMjZjZjJjN2EwZDg1Mjk3ODJkMzdmYjdmNTk0MWI2ZjI2MzgzNWExN2E3ZWExZGIyZDM

        • Jac: please join!

        • ACTION: Kohsuke to add a link to TOC readme

        • DLz: more automated notifications to come

    • Any other business?

Oct 8, 2019

  • TOC Attendees:

    • Kohsuke Kawaguchi (Jenkins) [CHAIR] - not present

    • James Strachan (Jenkins X) - not present

    • Dan Lorenc (Tekton) - not present

    • Andy Glover (Spinnaker) - not present

    • Tara Hernandez (Google) - present

    • Yaov Landman (JFrog) - not present

  • Other Attendees:

    • Dan Lopez (Linux Foundation)

    • Jacqueline Salinas (LF/CD Foundation)

    • Tracy Miranda (CloudBees) - not present

    • Matt Young (Puppet)

    • Kara de la Marck (CloudBees) - not present

    • Fatih Degirmenci (Ericsson Software Technology) - not present

    • Benjamin Brial (Cycloid) - not present

    • Tracy Ragan (Deploy Hub) - present

    • Kay Williams (Microsoft) - present

  • Agenda and Notes:

    • Landscape review (Tracy Ragan):

      • Requests approval to move landscape forward (now published),

        needs infra support to help companies create PRs, and review

        • TOC should be responsible for this -- start with

          reviewing PRs in TOC meetings, but if traffic gets heavy review other options (paid resource?)

      • Question: CNCF landscape has duplication of the same

        company/products in different categories. What policy does the CDF want to have/support with regards to this.

        • Dan Lopez: be clear about rational for this either way

          (review of CNCF policy)

          • Tracy recommends we discourage multiple categories

            -- focus on core competency of each tool/project

        • Need to ensure we have commitment to maintenance,

          (overseen by TOC?)

        • Dan: landscape entries dont necessary have to be member

          organizations (based on CNCF precedent)

          • Complimentary offerings (integrations, i.e.)

          • Also recruit opportunities for OSS projects for

            incubation

          • “Projects” must be OSS but commercial products can

            be listed in discipline categories -- logos need to be clear on this

          • We should also identify airgaps where we want to

            solicit

        • TracyR: provided quick review of categories

          • Tara and team agree there is some overlap

        • Dan Lopez: Like to have this out and published by Oct 22

          and available by Kubecon NA

      • Recommendation to announce to members to add logos via PRs

        • Tara to take care of this with Dan Lopez review

    • TOC Minutes to Github (Tara Hernandez)

      • Tara H: Going to go ahead and start doing this, post-meeting

        convert live gdoc notes into .md file(s)

    • Telemetry discussion (Dan Lopez)

      • What are projects doing, wanting to do

      • best practices, standards, specs

      • Legal considerations incl GDPR

      • Missing some key TOC folks -- followup on this next meeting

        • Need to understand what information we want to capture

          and figure out least invasive way to achieve it

        • Triggering regulatory controls Would Be Bad(™)

Sep 24, 2019

  • Friendlier meeting time for our APAC friends? (Dan Lopez)

  • TOC Attendees:

    • Kohsuke Kawaguchi (Jenkins) [CHAIR] - present

    • James Strachan (Jenkins X) -

    • Dan Lorenc (Tekton) - present

    • Andy Glover (Spinnaker) - not present

    • Tara Hernandez (Google) - not present

    • Yaov Landman (JFrog) - not present

  • Other Attendees:

    • Dan Lopez (Linux Foundation)

    • Tracy Miranda (CloudBees)

    • Fatih Degirmenci (Ericsson Software Technology)

    • David Lai

    • Jacqueline Salinas

    • Matt Young (Puppet)

  • Agenda and Notes:

    • Security SIG

      • Next steps for Security SIG -- founding team?

      • Updates

      • DLc: people involved are at a f2f meeting. Im not surprised

        they are not here

      • DLz: bi-weekly meeting will commence in Oct, along with the

        logistics setup.

        • Done: ACL, repository. (this has been done b/w Tara

          & DLz)

        • Goal is to use Wiki as a scratch documentation place,

          but the formal doc will be in markdown in Git repo

      • DLz: we are planning a media announcement of the effort

        • KK: this reminds me itd be great for us to have a voice

          as blog / TDM: “developer voice”

          • DLz: if you write one or recruit people to write

            ones, thatd be great! Just put them in GDoc or something and send it on our way

    • TDM: CD Summit

      • Agenda is live -

        https://cds2019.sched.com/

      • Please register now (only 200 spaces)

      • TDM: Christie and I are co-chairing. We got 50+ submissions

        against 15 slots. Im very happy with the schedule — great sessions. Thanks to people who reviewed sessions.

      • DLz: there will be some media announcement on this as well

      • DLc: theres also codefresh CI/CD summit happening on the

        same day. Just FYI.

      • TDM: if you are coming, plan to stick around in the evening.

        Some activities are being planned.

        • TDM: member companies who have booth will run some

          guerilla sessions related to the CDF and well stitch them together into one “virtual” event

      • DLc: can we plan an in-person meeting for SIG/TOC/GB?

        • Probably during the main show

        • ACTION: DLz to inquire from Emily

    • Roadmap WG

      • FD: I was looking for wording to be more explicitly invite

        anyone involved in space.

      • DLc: That part of the text was a little unclear

      • Next step: KK to resolve FDs comment by massaging the text,

        plus produce a few samples

    • CDF & Outreachy - project deadline 24th Sep - thats today!

    • Fatih: CDF TOC meetings are not showing up in the public

      calendar

      • ACTION: Jacqueline to look into this

    • MLOPs Working Group

Sep 10 (?)

  • TOC Attendees:

    • Kohsuke Kawaguchi (Jenkins) [CHAIR] - not present

    • James Strachan (Jenkins X) -

    • Dan Lorenc (Tekton) - present

    • Andy Glover (Spinnaker) - present

    • Tara Hernandez (Google) - present

    • Yaov Landman (JFrog) -

  • Other Attendees:

    • Dan Lopez (Linux Foundation)

    • Tracy Miranda (CloudBees)

    • Matt Young (Puppet)

    • Kara de la Marck (CloudBees)

    • Fatih Degirmenci (Ericsson Software Technology)

    • Benjamin Brial (Cycloid)

  • Agenda and Notes:

    • Friendlier meeting time for our APAC friends? (Dan Lopez)

-   Next steps for Security SIG -- founding team?

    -   *https://github.com/cdfoundation/sig-security*

    -   [*https://github.com/cdfoundation/sig-security/blob/master/.github/settings.yml*](https://github.com/cdfoundation/sig-security/blob/master/.github/settings.yml)

-   CDF & Outreachy

    -   [*CDF Projects in Outreachy
        > 2019*](https://docs.google.com/document/d/1WLTEbDOyrdr6TeDghHe1_1_D7W3h7gZ4pSxEP53FMhk/edit?ts=5d681d47#).

        -   Kara de la Mack - Jenkins X coordinator

            -   Advocate for program as a way of building community,
                > particularly for mentor best practices as an
                > ongoing effort for projects

            -   Recommends at least 2 well-defined projects as part
                > of successful recruitment

                -   Even if you only pay for one intern, there may
                    > be some fund matching from outreachy to help

        -   Tara Hernandez - Tekton coordinator

            -   Still working on setting up projects

        -   Christie Wilson - Tekton mentor

        -   Tracy Miranda - Jenkins coordinator

    -   Sept 5 was the deadline for signing up for the intern
        > program

        -   Jenkins, Jenkins X, Tekton all signed up

-   CDF Contributor Summit

    -   [*Talks
        > repo*](https://github.com/cdfoundation/presentations/tree/master/2019-contributor-summit-sf) -
        > please add your talk links!

-   CD Summit NA

    -   [*Call-for-papers*](https://linuxfoundation.smapply.io/prog/continuous_delivery_summit_north_america_2019_/)
        > closes this Friday

-   Schedule time for demo of LF CommunityBridge

    -   Dan Lopez/LF Product team (DLopez)

    -   Manage crowdfunding, internships etc

-   Discuss possible alternative to Google Docs for meeting minutes
    > to support intl members (tara hernandez,tracy miranda)

-   Create a roster of whos where, and a survey of what times work
    > best

Aug 27, 2019

  • TOC Attendees:

    • Kohsuke Kawaguchi (Jenkins) [CHAIR] - present

    • James Strachan (Jenkins X) - not present

    • Dan Lorenc (Tekton) - not present

    • Andy Glover (Spinnaker) - present

    • Tara Hernandez (Google) - present

    • Yaov Landman (JFrog) - not present

  • Other Attendees:

    • Dan Lopez (Linux Foundation)

    • Ray Paik (GitLab)

    • Matt Young (Puppet)

    • Jeff Zhu (Futurewei)

    • Fatih Degirmenci (Ericsson Software Technology)

    • Wolfram Kramer (SAP)

    • Kay Williams (Microsoft)

  • Agenda and Notes:

    • Vote on CDF Security SIG

    • Screwdriver update

      • << KK provided updates >>

    • Create Roadmap

      • Projects, priorities

      • DLpz: Chris & I were talking about this, looking at how CNCF

        did this roadmapping. Establish the area that we want to attack — specs, conformance, etc. CDF should have that, too.

        • KK: challenge I had was to find projects with passionate

          backers, as opposed to “wish list of things wed love to see”

        • KK: if we frame this as “call for projects” to clarify

          what we are looking for, that might encourage people out there to step up

        • DLpz: I like Taras “reference architecture” idea.

        • Kay: There are some projects in CNCF that I think are

          good fit for the CDF. Shouldnt we be talking with them to have them come over?

          • Kay had a specific project in mind

          • Tara: maybe we look at the ecosystem map and that

            might give us the list

          • KK: maybe we can start by giving more visibility and

            facilitate collaboration between CNCF projects and CDF projects/efforts.

          • DLpz: Chris / Dan to discuss WG on cross-foundation

            collaboration

        • Tara: Id like to see smoother migration from non-cloud

          to hybrid cloud easier.

          • KK: +1.

          • Tara: this will help useful differentiation

          • AG: I think “hybrid” is important. That prevents

            people from getting an impression that this is cloud vendors play

        • KK: common format — e.g., test spec

        • KK: call out more specific projects in the SDLC like

          artifact manager, test frameworks, code coverage, etc.

        • **Lets form a WG so that we can get people to spend

          their focused time brainstorming**

        • KK: provisioning / Tara: environment management

          • This happens all the time. This wheel is

            getting reinvented.

          • New team comes onboard and DPE folks are trying to

            automate the setup of Jenkins, JIRA, K8s namespace, ...

    • Matt: Do folks need help with CFP reviews or summit prep?

      • Matt: Puppet is willing to help.

      • DLpz: you should talk to Tracy Regan @ the outreach

        committee

      • DLpz: Im calling attention to the timing of CfP

        • DLpz: Diversity, inclusion is getting worked on by the

          GB, if you have thoughts, send it to me

        • Attendance? Projects?

        • KK: calling attention to diversity in terms of geos of

          companies who participate. CDF participants are often companies, not individuals.

        • TH:

    • AOB?

      • Fatih: I have Q around TOC contributors. I read [*the

        document*](https://github.com/cdfoundation/toc/blob/master/CONTRIBUTORS.md). Is that only for member companies?

        • I issued a PR to add myself to this but no responses for

          3 weeks

        • KK: lets make sure these things dont go unnoticed

          • TH & KK to make sure notification setup is done

            properly

Aug 13, 2019

  • TOC Attendees:

    • Kohsuke Kawaguchi (Jenkins) [CHAIR]

    • James Strachan (Jenkins X)

    • Dan Lorenc (Tekton) - present

    • Andy Glover (Spinnaker)

    • Tara Hernandez (Google) - present

    • Yaov Landman (JFrog) - present

  • Other Attendees:

    • Kay Williams (Microsoft)

    • Ravi Lachhman (Harness)

    • << fill your names here please >>

  • Agenda and Notes:

    • Screwdriver next steps

      • Tara: what Ive heard is that the engagement with the

        community wasnt the first priority. It felt a bit like “coming here for the sake of it.” It felt like a vanity contribution.

      • DLc: I share some of the same concerns with Tara

      • KK: I suggest I drive a further conversation. I feel like

        our goals are still aligned in terms of bringing them onboard.

      • Yoav/KK: theres a bit of chicken and egg problem. Others:

        +1

    • [*Security SIG

      proposal*](https://docs.google.com/document/d/1QHD628FJ4s9lyWtPUtzdTr2fbmnhyuB_908cfsJzDqU/edit)

      • Kay: Dan & I chatted yesterday and Im going to create a PR.

        Thats already there.

      • Whats the next step? -> discussion from the group

        • Kay to send out email to call out people to chime in or

          be ready to vote

      • KK: Ive heard this effort in MITRE under the OMG umbrella

        • Kay: I think what Ive heard is the same lead

        • Yoav: Im interested

        • KK: Ill connect us all in that email

    • Updates from the CDF contributor summit

      • << KK rambled a bit. Will write an email >>

      • Kay: I got a similar impression. The CDF is still new

      • Tara: dont over emphasize development, and instead

        highlight other functions, like infra, quality, process, … are welcomed and they are needed.

        • Be overt about those. Advertise them.

July 30, 2019

  • TOC Attendees:

    • Kohsuke Kawaguchi (Jenkins) [CHAIR] - traveling

    • James Strachan (Jenkins X) - not present

    • Dan Lorenc (Tekton) - present

    • Andy Glover (Spinnaker) - present

    • Tara Hernandez (Google) - not present

    • Yaov Landman (JFrog) - present

  • Other Attendees:

    • Dan Lopez (Linux Foundation)

    • Tracy Miranda (CloudBees)

    • R Tyler Croy (Jenkins)

    • Spencer Krum (IBM)

    • Kay Williams (Microsoft)

    • Ray Paik (GitLab)

    • TODO

  • Agenda and Notes:

    • CDF Contributor Summit, Mon Aug 12, San Francisco

    • DevOps World | Jenkins World

    • RFC: Screwdriver:

      https://github.com/cdfoundation/toc/pull/22

      • Call a vote?

    • Outreachy Internships

      • Next round is December 2019 to March 2020

      • Sept 5 is deadline for community sign up

      • Jenkins project has participated in last 2 rounds (4

        different Outreachy interns)

      • How:

        • Need to identify mentors and scoping 12 week projects

        • Can be for more than just code (docs, design, etc.)

    • Friendlier meeting time for our APAC friends? (Dan Lopez)

      • Suggestion is to have an additional or augmented meeting

        time

    • Annual goals from the TOC? (Dan Lorenc)

      • Place in Github project/milestones

      • Goals related to:

        • Interoperability, standards, specs, conformance

        • forward-looking strategy

        • security

        • project hygiene/infrastructure

    • Working Group Proposal Status

    • Jenkins from SPI status (rtyler)

      • What is the status of transferring assets?

      • Chris A. was tracking this.

      • This is taking longer than anyone expected, Jenkins has some

        budget items it needs to resolve

July 16, 2019

  • TOC Attendees:

    • Kohsuke Kawaguchi (Jenkins) [CHAIR] - traveling

    • James Strachan (Jenkins X) - not present

    • Dan Lorenc (Tekton) - present

    • Andy Glover (Spinnaker) - not present

    • Tara Hernandez (Google) - not present

    • Yaov Landman (JFrog) - present

  • Other Attendees:

    • Dan Lopez (Linux Foundation)

    • Tracy Miranda (CloudBees)

    • Ray Paik (GitLab)

    • Kay Williams (Microsoft)

  • Agenda and Notes:

    • DLc: [*Working group

      proposal*](https://github.com/cdfoundation/toc/pull/21)

      • Kay Williams to send out and link the prototype Security SIG

        proposal (done)

    • Screwdriver proposal:

      https://github.com/cdfoundation/toc/pull/22

    • CDF Contributor Summit, Mon Aug 12, San Francisco

      • Jenkins -

        Register

      • Jenkins X -

        Register

      • Tekton -

        Register

      • Also planning events at main DevOpsWorld

        • Booth, talks from member projects and companies

    • CFP for CD Summit San Diego coming up next

      • Reach out to Tracy if you want to participate in the program

        committee

      • Open up CFP process

    • <dlorenc@google.com to figure

      out permissions on this doc>

    • DLc: EasyCLA - Tekton

      • LF is launching a new project called EasyCLA

      • Automates a Github Bot to handle signatures for CLA per

        project

      • Starting implementation for Tekton

      • This should be useful for other projects going forward as

        well

      • TOC should drive requirement around CLA best practices

July 2, 2019

  • TOC Attendees:

    • Kohsuke Kawaguchi (Jenkins) [CHAIR] - present

    • James Strachan (Jenkins X)

    • Dan Lorenc (Tekton) - present

    • Andy Glover (Spinnaker) - present

    • Tara Hernandez (Google) - on vacation

    • Yaov Landman (JFrog) - present

  • Agenda and Notes:

    • Screwdriver.cd team to

      present to TOC

      • [*Presentation

        PDF*](https://drive.google.com/file/d/0B5ImblZwZHW4X2FFOWZiUDNuckVtODRXeUtwQnJ0MGdmM3dF/view?usp=sharing)

      • People from Verizon Media = Yahoo + AOL

        • Gyehuda, Ashley, Rosalie

        • Venugopal, Jithin Emmanuel - Product Owner,

      • We built this project in the hope its useful for others

      • We wanted to build a system that involves no humans

      • Used across the portfolio of VM companies

      • Origin is 2012 at Yahoo

      • Pipeline as Code

      • Initially this was orchestrator on top of Jenkins, then we

        hit the wall, so we rebuilt it

      • We wanted to make sure it works at the scale of Yahoo

      • The result of rewrite got open-sourced in 2016

      • << architecture diagram in the presentation >>

      • Can use different executor to actually carry out builds -

        Docker, K8s, even Jenkins

        • Better isolation based on HyperContainer

      • Usage

        • << usage within VM in a slide >>

      • Features - lots from http://cd.screwdriver.cd/

        • (scribe got distracted sending questions and failed to

          take notes)

        • Analytics of where time was consumed

        • Templates

        • Commands as low level atomic building blocks. SauceLabs

          & FOSSA integration through that

      • Contributors

        • Yahoo Japan is the other contributors. They work

          independently from us, except for bi-weekly sync. (Despite the name Y!J is a separate entity.) They have been with the project since early on.

        • Various PRs from outside

      • Governance

        • Weekly sync between two companies appear the main

          decision making process

        • Documents and Kanban board on GitHub to record/support

          those

      • Gyehuda: Not duplicating the effort is why we came here

      • Andy: alignment with VMs interest?

        • J: This software is providing what we need. Thats what

          we get out of it

      • KK: experience as an open-source project in the past 3

        years?

        • G: Our goal wasnt so much to get “million contributors”

        • “Now is the right time to grow”

          • G: We see this as an opportunity to expand to more

            “partners”

          • J: We were not focused on users outside VM either,

            but thats something we are working on

          • VM built out an awesome OSS office. Rosalie: Ive

            been full time on OSS office, and screwdriver is one of my key projects

    • DLc: [*Working group

      proposal*](https://docs.google.com/document/d/1c33ML-lLCewrDjGxCisRxbwqcl21kmAjJ62GbgAaRFY/edit#heading=h.j6l535d46l0s)

      • Ive added SIGs in addition to the WGs now

      • Please comment in the next few days, so that Dan can turn

        this into a PR early next week

      • Kay has already put together a SIG around security

June 18, 2019

  • TOC Attendees:

    • Kohsuke Kawaguchi (Jenkins) [CHAIR]

    • James Strachan (Jenkins X) (absent)

    • Dan Lorenc (Tekton)

    • Andy Glover (Spinnaker) (Im here!)

    • Tara Hernandez (Google) (Here!)

    • Yaov (JFrog) (absent)

  • Agenda and Notes:

    • DLc: [*Working group

      proposal*](https://docs.google.com/document/d/1c33ML-lLCewrDjGxCisRxbwqcl21kmAjJ62GbgAaRFY/edit#heading=h.j6l535d46l0s)

      • AI: DL: Im going to work on the other SIG like proposal

      • DL: I had the security delivery chain WG in mind

      • The infra usage metrics collection stuff could be a good fit

      • Any thought behind “3 member companies” bar?

        • DL: Not too much, 2 could do, too

      • DLz: we should be prescriptive of the communication channels

      • DLz: CoC should apply to WGs

      • DL: I was trying to avoid zombie WGs. If any of this came

        across heavy handed, thats why

        • Perhaps quarterly status updates

    • DLc: Metrics collection for CDF projects (see email thread)

      • Can the CDF help here with infrastructure? This wouldn't be

        anything we "impose", just a framework and infrastructure projects can use.

      • TravisT: we are looking for how to instrument Spinnaker (and

        possibly beyond to other CDF projects) to collect usage info in privacy centric way

      • Step 1: whats the prior art in this space?

        • AI: theres some more discoveries

        • **AI: DLc: I think K8s did something — Ill find out who

          did this.**

      • Step 2: if not, what should we do? What do we want?

        • TT: Im willing to drive this forward

        • TT: Ive heard from somebody from Armory.io about their

          input

        • KK: Id love to hook somebody in the Jenkins project up

          here to help

        • AG: we need the LF input and policy around PII, policy,

          what members get access, etc.

        • DLz: Im happy to talk to Chris A and Mike D

          (LF people). We should have a call.

        • AI: TT to start gathering Spinnaker requirements

    • KK: upcoming active committer rep to the GB

      • Nomination

        • DLz: We have some nominations. Ill send this out to

          the group.

      • Voting eligibility

        • DLz: its up to the TOC to decide.

      • DLz: lets aim for the end of the month. June 28th.

    • Whos going to be in Shanghai?

      • DLc, Tara, a bunch of CB folks (Alyssa, JamesR, Carlos),

        Chris A

June 4, 2019

  • TOC Attendees:

    • Kohsuke Kawaguchi (Jenkins) [CHAIR]

    • James Strachan (Jenkins X)

    • Dan Lorenc (Tekton)

    • Andy Glover (Spinnaker)

    • Tara Hernandez (Google)

    • Yaov (JFrog)

  • Agenda and Notes:

    • Welcome

      • Yoav: (he didnt make it this time)

      • Tara

        • Doing dev tools & infra for decades. Originally built

          Tinderbox (cause tree is always on fire), that led to CircleCI.

        • Did bonsai (because branch control)

        • My focus has been tooling & support of engineering

          culture (from the eng mgmt side)

        • I get to work with Jez Humble recently, who joined GOOG

          through acquisition

        • I know Tracy Miranda (CloudBees, director of community)

        • Im probably the least nerdy

    • CD Summit Videos online:

      https://www.youtube.com/playlist?list=PL2KXbZ9-EY9RB8bVvmiSOqB39eNMs-fAe

      • Dan: TOC & WG sessions will go there as well

    • Contributor.md maintenance

    • Code of conduct review

      • https://github.com/cdfoundation/toc/blob/master/CODE_OF_CONDUCT.md

      • Dan: I wanted to give people the awareness

      • KK: Is this intended to apply to projects, right? Dan: Yes.

      • KK: This is the first time the CDF “imposes” something to

        projects, so this should be pre-negotiated.

        • AG: Spinnaker has the existing CoC policy. Im curious

          how different they are.

        • JS: JX doesnt yet have but we meant it, so this

          is great.

        • << sounds like unifying this is not hard >>

      • Tara: this is important stuff, Im happy to contribute

      • Dan: the reporter email address should be swapped out

        to something. Its currently me.

      • **AI: KK to initiate the thread & sell the idea of unifying

        CoC across the member projects & why thats beneficial for all of us**

      • Spencer: Where is that alias go?

        • KK: I think we should create the private TOC list and it

          should go

      • We the TOC are responsible to resolve this

      • Spencer: how does the organizational memory get passed on

        when TOC rotates

        • KK: stagger, and archive

    • Call to action: interested project proposals!

      • Dan: now that we have the project proposal is in place,

        lets do this

      • Screwdriver.cd & Huaweis CDDL

      • Tara: I talk to lots of fellow release nerds, they have bits

        of pieces of stuff that they like to open-source. Can we provide the guidance?

      • AI: Tara to start a thread on this. KK: Ill chime in.

    • Events

      • Upcoming

        • Spencer: FYI, C

        • Tara: C in SF, small scale sponsorship could be small

          amount

    -   Listing presentations on github

    -   Dan: Theres an opportunity to have a co-located event in
        > [*OS
        > Summit*](https://events.linuxfoundation.org/events/open-source-summit-north-america-2019/attend/).
        > Contributor focused events.

        -   Dan: Im discovering what that event team can do for us

    -   Dan: lunch & beer will attract people. Spencer: I can
        > ~~make~~ ask IBM do something for us! :)

    -   The conversation is ongoing to expand existing Jenkins & JX
        > contributor event to include Spinnaker (and hopefully to
        > Tekton as well) end of August.

        -   **AI: KK to connect Alyssa with Dan.**

-   Dan: Meetups

    -   A few conversations ongoing to support community meetups.
        > Specifically, transitioning to Meetup Pro. Jenkins Area
        > Meetup would be the guinea pig for this.

        -   Dan: this is the conversation between Tracy so far. If
            > anyone wants to chime in, let me know

        -   KK: Id love to see the execution plan when things get
            > to that point.

    -   Dan: theres an upcoming meetup planned in San Jose. Dan to
        > coordinate with Tracy.

-   Standards/Specs Workgroup

    -   Dan: FYI, there has been a couple of email threads/dialogs
        > that led me to believe theres an interest for this

    -   **AI: DLop & DLor are talking to bring the initial proposal,
        > which should include some justification etc to let others
        > react**

-   Update on operations

    -   Director of Ecosystem

        -   DLop: tracking toward bringing somebody onboard.
            > Starting date incoming in the next few days.

    -   PR/Media comms team

        -   DLop: this is coming into shape. By next call, they
            > should be onboard.

        -   When ready, they can start taking over social media,
            > whitepapers, blog posts, etc.

    -   DLop: I want everyone to look at cd.foundation to identify
        > missing content. I want to create a “CRM process” — lead
        > gen form to drive more membership, participation
        > in events.

-   Tara: are folks going to Shanghai? Im going

    -   KK: I know some folks from the Jenkins project is going

    -   Spencer: I know some IBM folks are going (JJ?)

    -   AI: Tara to send out a short email asking on this, and KK &
        > Spencer to forward that to the folks they know to get
        > stuff connected in a recorded format

-   **AI: fix the permission of this doc to include Tara**

May 21, 2019

  • Cancelled due to a collision with Kubecon, where a lot of TOC

    members have gone to

May 7, 2019

  • TOC Attendees:

    • Kohsuke Kawaguchi (Jenkins) [CHAIR]

    • James Strachan (Jenkins X)

    • Dan Lorenc (Tekton)

    • Andy Glover (Spinnaker)

    • Tara Hernandez (Google)*

    • Kris Nova (VMware)*

  • Agenda and Notes:

Apr 23, 2019

  • TOC Attendees:

    • Kohsuke Kawaguchi (Jenkins) [CHAIR]

    • James Strachan (Jenkins X)

    • Dan Lorenc (Tekton)

    • Andy Glover (Spinnaker)

  • Agenda and Notes:

    • Review of action items from the last week

      • KK: Finalize TOC principles for vote next week on mailing

        list

        • End of the vote is one week after calling of the vote

      • ALL: Continue revisions on project proposals

      • TDM: poke Jenkins X to list up infra requirements to

        doc

        • JS: Im looking at this

    • FYI: CDF GB met last week for the first time, approved initial

      budget

    • FYI: CDF GB is picking 2 TOC slots

      • Voting ends: Wednesday, May 1, at 5pm Pacific Time

    • [*FYI: CDF Summit at KubeCon EU on May

      20th!*](https://events.linuxfoundation.org/events/kubecon-cloudnativecon-europe-2019/co-located-events/) (remember to REGISTER)

      • CA: we sold out 200, we bumped up 300. But even that is to

        sell out by the next week

    • [*FYI: CDF Summit at KubeCon China on June

      24th*](https://www.lfasiallc.com/events/kubecon-cloudnativecon-china-2019/co-located-events/) in Shanghai (remember to REGISTER)

      • CA: Therell be CfP soon

      • KK: This is public, right? CA: Yes, you can tell people!

      • CA: this is day 0 - Monday.

    • FYI: New CDF Program Manager [*Dan

      Lopez*](https://www.linkedin.com/in/danlopez/) starting April 29th!

      • CA: he should be here in the next TOC meeting

      • CA: we are also hiring “Director of community/ecosystem.” If

        you know someone good, send them on our way.

        • AG: where is the job description? **AI: CA to share the

          job description**

    • Call for vote on

      principles

    • [*Project proposal

      process*](https://github.com/cdfoundation/toc/pull/3/files) discussion + queue for approval

      • Several outstanding comments — whos court the ball is in?

        • @cra addressed some comments, still WIP

        • CA: TOC members are welcome to make edits to this draft.

          So the ball is in the collective court of the TOC members

      • We want to aim for the vote to begin in the next TOC meeting

      • DL: We still believe in vendor neutralness but well stop

        short of calling specific criteria

      • Discussion about “2 sponsors” → we will keep this

        • There will be 7 TOC members by the end of May (currently

          there are only 4)

      • AI: DL to make a pass on this today or tomorrow

    • Q & A

      • DL: how is the legal committee going?

        • CA: this is being set up as we speak.

        • **AI: CA: create legal@cd.foundation for inbound

          legal questions.**

      • Next meeting will be May 7th.

Apr 9, 2019

  • TOC Attendees:

    • Kohsuke Kawaguchi (Jenkins) [CHAIR]

    • James Strachan (Jenkins X)

    • Dan Lorenc (Tekton)

    • Andy Glover (Spinnaker)

  • Agenda and Notes:

    • [*FYI: CDF Summit at KubeCon EU on May

      20th!*](https://events.linuxfoundation.org/events/kubecon-cloudnativecon-europe-2019/co-located-events/) (remember to REGISTER)

      • This is happening in Shanghai as well. What role does the

        TOC want to have in curating the agenda? [dlorenc]

        • Independent program committee - driven by community

        • Volunteers for committee

        • mailing list for program discussions - TOC list for now

    • TOC Principles

      approval?

      • AI: Finalized draft with async vote next week on ML

    • [*Project proposal

      process*](https://github.com/cdfoundation/toc/pull/3/files) discussion + queue for approval

      • << more notes here & AIs in the linked PR >>

      • MW: I dont think vanity metrics like GitHub star

        is valuable. I know Jenkins has metrics that goes one step further. It would be nice for us to mandate a higher bar here

        • KK: in Jenkins this is held together in a duct tape

      • Next step for Chris to make some edits based on feedback.

    • Gathering infrastructure requirements from projects, see

      doc

      • RT: I was looking to identify commonality between them, see

        if theres a room for consolidation

      • RT: input from Jenkins X is needed / **TDM to follow up with

        them**

      • CLA bot unification? [dlorenc]

        • Up to projects. If you want to keep Apache style CLA

          bot, we can use the LF CLA bot.

        • CA: or Developer Code of Origin: (Linux kernel style

          “Signed-Off-By” header), but projects counsel might disagree

        • Ping Chris to get moved over

    • First CDF GB meeting on April 18th (they will select 3

      TOC candidates)

      • Nomination period, votes coming up after

      • Potentially within 3 weeks

    • AG: big companies often call us to ask if they have permission

      to use Spinnaker logo. In the CDF world who gives the authoritative answer?

      • CA to create FAQ entry. In the future, we need to create a

        trademark policy. Thats up to GB.

    • Action Items:

      • KK: Finalize TOC principles for vote next week on mailing

        list

      • ALL: Continue revisions on project proposals

      • TDM: poke Jenkins X to list up infra requirements to

        doc

Mar 26, 2019

  • TOC Attendees:

    • Kohsuke Kawaguchi (Jenkins) [CHAIR]

    • James Strachan (Jenkins X)

    • Dan Lorenc (Tekton)

    • Andy Glover (Spinnaker)

  • Other Attendees:

    • Sheroy Marker

    • Fatih Degirmenci

    • Tyler Croy

    • Michael Winser

    • Tracy Miranda

  • Agenda and Notes:

    • Welcome!

      • Andy Glover: Netflix, Spinnaker, Bay Area

      • James Strachan: Jenkins X, the UK, 150 miles west of London

      • Dan Lorenc: Google, Tekton

      • Sheroy Marker: head of tech, ThoughtWorks, Bay Area

      • Fatih Degirmenci: Ericsson but Im here as individual,

        Sweden

      • Kohsuke Kawaguchi: aka KK, Jenkins guy, the bay area

      • Chris Aniszczyk: LF “behind the scenes guy”

      • Tyler Croy: Jenkins board member, US west coast

    • CDF TOC Meeting Cadence? (every 2 weeks to start?)

      • AGREED: 2 weeks same time of the week (2nd and 4th Tue at

        9am PT)

      • DL: in person meetings where we can?

        • Lets pencil this in — AG: I havent made my plan yet

        • CA to look into logistics a bit

        • CA: itd be nice to have a face-to-face between CNCF &

          CDF TOCs

    • CDF TOC Values/Principles (see

      doc)

      • People seem to be happy of the current version

      • Next step: turn this into GitHub PR, a round of comments and

        updates, and vote in the next TOC meeting.

      • **DONE:

        ACTION: Kohsuke to turn this into a PR**

    • CDF TOC Project Acceptance Process (see

      example and end of values document)

      • CA: [*I added this starting point in the

        doc*](https://docs.google.com/document/d/1s1vF0bEvlKk7bgra2-456eNU_uknZQ8l3HMc797ApJo/edit#heading=h.cqpstx8vnye0)

      • DL: is the long queue in CNCF because of its process?

        • CA: I dont expect that many projects in here

        • AGREED: thats not a problem for us for now

      • On maturity levels

        • DL: there are implications of maturity levels to TOC

          seats

          • KK: having three stages help here — incubating &

            graduating projects are eligible for seats?

        • What do different groups to during incubation

        • AG: anything you dont recommend from copying CNCF?

          • CA: if early stage project is important, just

            copy it. If not, we can cut that part out

          • << opinions seem to be favoring omitting

            sandbox >>

          • Can be added later, but removing a box is harder

          • KK: if we do without sandbox, there needs to be some

            adoption/maturity criteria for the incubating

        • AGREED: omit sandbox for now. Two stages

        • Next step: add meat to those two stages.

    • FYI: First CDF GB meeting will be April 18th (GB will host TOC

      election for their slots)

      • CA: we expect GB to send us 3 more people. 2 slots left

        “back-pocketed” for new projects

        • Election would probably take 2 weeks to run

      • **CA: if we have candidates we want, we should propose that

        to GB**

        • CA: think about diversity inclusion.

        • CA: end user representatives are valuable

        • CA: we can also reach out publicly

        • KK: lets think about people we want here

      • AG: how about staggered terms?

        • CA: at CNCF we did a lottery to decide who gets 1 year &

          2 year to create staggers. This will happen after GB sends the rest of people

    • Q&A

      • DL: CDF Summit quick update (co-located with

        Kubecon Barcelona)

      • AG: whats the expected updates to projects?

        • CA: No need to change package names, namespaces, etc

        • CA: website update expected.

      • TC: Jenkins team will have a meeting with LF infra team.

        Would Spinnaker folks be interested in aligning?

        • CA: lets discover what the needs are

        • AG: I think about Travis, Artifactory, Discourse, Slack,

        • CA: Lets collect requirements. Lets start Google Doc

          and throw things in there to start with

          • TC: Ill start the doc & add Jenkins stuff here

          • CA: this would be a good place to also list up

            assets slated for transfer

    • ACTIONS

      • (see 4 action items above, bold lined)

      • CA: any budget related things, let me know before the first

        GB meeting

        • CA: we prefer projects to come with specific asks

        • Lets get baseline of whats being spent today

      • CA: we are looking to hire somebody as “program manager”

      • DONE: Dan to turn the invite into recurring

      • DONE: CA to setup Zoom & recording

Future Agenda Items (please use as template):

  • TOC Attendees:

    • Kohsuke Kawaguchi (Jenkins) [CHAIR] - not present

    • James Strachan (Jenkins X) -

    • Dan Lorenc (Tekton) - not present

    • Andy Glover (Spinnaker) - present

    • Tara Hernandez (Google) - present

    • Yaov Landman (JFrog) -

  • Other Attendees:

    • Dan Lopez (Linux Foundation)

    • Tracy Miranda (CloudBees)

    • Matt Young (Puppet)

    • Kara de la Marck (CloudBees)

    • Fatih Degirmenci (Ericsson Software Technology)

    • Benjamin Brial (Cycloid)

    • Jacqueline Salinas

    • Tracy Ragan (Deploy Hub)

  • Agenda and Notes: