Replies: 24 comments 28 replies
-
I can't find any other secret management that is better than sops right now. Using it to encrypt my fluxcd gitops and ansible decryption right now. I just hope you can at least update the required libraries so it doesn't break in the future. It will be sad if this goes down 😔 |
Beta Was this translation helpful? Give feedback.
-
I'd like to know what is the position of Mozilla, and if there is any requirement (or something like that) that a new maintainer should do. I know Go, I was thinking about stepping up for this. In that case, I'd be glad to have some help by others, tho (at least another 1-2 maintainers), as I never managed project at this scale :-) |
Beta Was this translation helpful? Give feedback.
-
I'm also happy to help, though my time is limited (i.e. there are too many other projects I'm involved in :) ) and I think I can only help well with some aspects of the project. |
Beta Was this translation helpful? Give feedback.
-
I very much agree with the above said, it's said to see this project die, as it is quite useful. |
Beta Was this translation helpful? Give feedback.
-
I echo @Enrico204's words. I'm willing to help maintain SOPS too, with some initial guidance from the current maintainers. SOPS is an amazing project to let it die. |
Beta Was this translation helpful? Give feedback.
-
maybe fork it? 😊 |
Beta Was this translation helpful? Give feedback.
-
Maybe at least pin this issue or add it to the README so things can get sorted out faster. |
Beta Was this translation helpful? Give feedback.
-
Is there any new about position of Mozilla? I'm not good at Go so far, but using this tool as well, and don't want to let it die. |
Beta Was this translation helpful? Give feedback.
-
Any update on this? Maybe in meantime we could at least merge some minor PRs like README fixes and other bugfixes? There are like many PRs fixing README for age key paths, for example. So going over all PRs and merging those would take only few hours I think. I can also help with such a pass (so just documentation and simple bugfixes, no features being added). This could improve experience with current version of the tool, while going over other PRs could be then left to the new managerial team. |
Beta Was this translation helpful? Give feedback.
-
I got https://github.com/go-sops organization. any chance to fork them? |
Beta Was this translation helpful? Give feedback.
-
It's been nearly 6 months and doesn't look like any of the maintainers have responded to any questions or suggestions here, maybe they need more time? Maybe they're completely mentally checked out of this repo? 😞 |
Beta Was this translation helpful? Give feedback.
-
@autrilla — is there any way of identifying and pinging someone from Mozilla to clarify that company's sponsorship stance? |
Beta Was this translation helpful? Give feedback.
-
Hi, everyone - mhoye here at Mozilla. I'm looking into it. |
Beta Was this translation helpful? Give feedback.
-
shut we collect, in this discussions, a list with the Priority ToDos? |
Beta Was this translation helpful? Give feedback.
-
Hi all, I’m the new Security Engineering manager here at Mozilla. I wanted to update the community on our current status and future plans for the SOPS tool. While the project does appear stagnant at this time, this is a temporary situation. Like many companies we've faced our own resource constraints that have led to SOPS not receiving the support many of you would have liked to see us provide, and I ask that you bear with us a bit longer as we pull this back in. I'm directing some engineer resources towards SOPS now and growing my team as well (see below, we're hiring!), so we expect to work on the SOPS issue backlog and set our eyes to its future soon. I realize there is interest in the community taking over SOPS. It may go that way eventually, but at the moment SOPS is so deeply integrated throughout our stack that we're reluctant to take our hands completely off the wheel. In the longer term we'll be evaluating the future for SOPS as we modernize and evolve Mozilla's tech stack. At present it serves some important needs however, so for at least the next year you can expect Mozilla to support both the tool and community involvement in its development. Lastly, as I noted above I am growing my team! If working on tools like SOPS or exploring other areas of security involving cloud, vulnerability management, fraud, crypto, or architecture sounds interesting to you, see our job link below and apply! I have multiple roles open and these are fully remote across most of US, Canada, and Germany. Thank you, |
Beta Was this translation helpful? Give feedback.
-
Hello, everyone - Mike Hoye here, mhoye at Mozilla. I'm working on this now, and will have more details - and I expect good news - before the end of this year. |
Beta Was this translation helpful? Give feedback.
-
@mhoye : |
Beta Was this translation helpful? Give feedback.
-
SOPS has applied to be adopted into the CNCF sandbox: cncf/sandbox#28 |
Beta Was this translation helpful? Give feedback.
-
Thank you to everyone who's helped us get to this step in the process, we're looking forward to seeing it through to its conclusion. |
Beta Was this translation helpful? Give feedback.
-
Congrats on entering into the CNCF Sandbox! https://lists.cncf.io/g/cncf-toc/message/8006 |
Beta Was this translation helpful? Give feedback.
-
now that it has been accepted, what is the process or next steps to get activity flowing on this project? There are several outstanding CVEs in dependencies and bug fixes that are needed |
Beta Was this translation helpful? Give feedback.
-
I have the personal feeling that the project is a CNCF sandbox project now, with the same numbers of maintainers: 0 @mhoye do you have an update for us? For is response at mozilla for decide and invite new maintainers for sops? |
Beta Was this translation helpful? Give feedback.
-
As you all can see, the repository has been transferred from https://github.com/mozilla to https://github.com/getsops. This means that from now on, the maintainers as documented in cncf/sandbox#28 are active. We need to do a bit of due diligence to finish the CNCF Sandbox onboarding, and to keep our promises to Mozilla. Given this, it will take a bit of time to adjust the repositories (including the release automation), before getting started with actually rolling out the long overdue patch release. This patch release will be aimed at solving the most primary bugs that have a low risk of breaking other things, and may not include everything that is at present on the (immense) backlog. Please bear with us while we try to work through everything (including issues), this may take some time. Lastly, I want to thank you all for your extreme interest in keeping this project alive, and the patience you have had while we at times appeared to go radio silent. Transfers like this are not the easiest to do quickly, and I understand this can have been frustrating. Nonetheless, we were able to keep things humane and friendly, which is worth a dedicated mention and compliment. |
Beta Was this translation helpful? Give feedback.
-
It's quite apparent to me that neither @ajvb nor me currently have enough time to maintain the project, with PRs sitting unreviewed.
I think it's time to look for some new maintainers. I don't know how that looks like from Mozilla's point of view.
Beta Was this translation helpful? Give feedback.
All reactions