Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Proposal] CNCF Mentorship proposals #1058

Open
12 tasks
jkjell opened this issue Apr 19, 2023 · 6 comments
Open
12 tasks

[Proposal] CNCF Mentorship proposals #1058

jkjell opened this issue Apr 19, 2023 · 6 comments
Labels
proposal common precursor to project, for discussion & scoping triage-required Requires triage

Comments

@jkjell
Copy link
Collaborator

jkjell commented Apr 19, 2023

Description: what's your idea?

Impact: Describe the customer impact of the problem. Who will this help? How will it help them?

Help grow community interest and participation in all aspects of TAG Security and related work. This will also support the broader CNCF efforts around mentorship: https://github.com/cncf/mentoring

Scope: How much effort will this take? ok to provide a range of options if or "not yet determined" for initial proposals. Feel free to include proposed tasks below or link a Google doc

I see two aspects to this:

  1. Proposing project ideas to different mentorship programs.
    This would be an ongoing effort to submit proposals to the different programs.
  2. Collecting a list of possible mentors in the security space.
    It generally looks like the programs listed in CNCF Mentoring last around 3 months. The time commitment for mentoring will need to be matched with the mentee's experience and the projects requirements.

For program proposals, we could collaborate with other CNCF projects interested in performing security related work (i.e. securing their supply chain, performing security self-assessments, establishing security policies) or we could propose items that would be for work more directly related to TAG Security and its working groups.

TO DO

  • Security TAG Leadership Representative:
  • Project leader(s):
  • Project Members:
  • Fill in addition TODO items here so the project team and community can see progress!
  • Scope
  • Deliverable(s)
  • Project Schedule
  • Slack Channel (as needed)
  • Meeting Time & Day:
  • Meeting Notes (link)
  • Meeting Details (zoom or hangouts link)
  • Retrospective
@jkjell jkjell added proposal common precursor to project, for discussion & scoping triage-required Requires triage labels Apr 19, 2023
@ragashreeshekar
Copy link
Contributor

Thanks for bringing this idea @jkjell. This sounds interesting, and an initiative I wanted to support for sometime now.
I can support as one of the TAG reps.

@stale
Copy link

stale bot commented Jun 18, 2023

This issue has been automatically marked as inactive because it has not had recent activity.

@stale stale bot added the inactive No activity on issue/PR label Jun 18, 2023
@PushkarJ
Copy link
Contributor

@eddie-knight to share more about the maintainer needs he heard during security slam

@stale stale bot removed the inactive No activity on issue/PR label Nov 29, 2023
@eddie-knight
Copy link
Collaborator

During the Security Slam we use CLOMonitor to measure projects against the CNCF security hygiene standards. Projects we've spoken who aren't able to meet the standard generally fall into three categories:

  1. Projects who have plenty of maintainer presence but the security hygiene standards presented by CNCF are a lower priority than their existing backlog of work.
  2. Projects who don't have a strong maintainer presence, and are barely keeping up with their backlog of work.
  3. Projects who don't understand or agree with the hygiene standards.

In the case of the first two types of project, a strong case could be made for guiding mentees to make the recommended security hygiene contributions. There is a body of material that can already streamline some of this work, but some elements will likely need a bit more guidance.

I don't want to name any projects here in case the situations change over time, but I'm happy to collab with anyone who wants to help pair mentees with projects who would benefit most from the support.

@PushkarJ
Copy link
Contributor

Thank you @eddie-knight. These are great insights.

Would you mind making introductions with one or two project maintainers (Slack group chat is ok) that you have in mind and share with them https://lfx.linuxfoundation.org/tools/mentorship as a way to get some security items off their plate with some expectation for mentoring? Let's be transparent and say that this will be pilot but one or more of us from TAG Security can help craft the project / program proposal with them.

@eddie-knight
Copy link
Collaborator

I reached out to the ContainerSSH maintainers, and they're excited to hear more about this. Making an intro on Slack now.

Will do the same when I hear back from a second interested project.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
proposal common precursor to project, for discussion & scoping triage-required Requires triage
Projects
Status: New Proposals
Development

No branches or pull requests

4 participants