Comments (8)
The working group lifecycle document can be found here
https://github.com/ossf/tac/blob/main/working-group-lifecycle.md
from tac.
It could also be valuable to articulate the breadth of work that is currently going on and how our assorted components do/should be aligned. We had done a very basic "reference architecture" diagram for BlackHat last year that may be useful to start from. It would be nice to show our body of work so that new projects or ideas can see how their project might fill in a gap or complement existing work.
from tac.
@SecurityCRob I agree that having an updated overview would be a helpful asset in this discussion.
If trying to frame the whole project-progression without an understanding of the projects that are already in-progress is like describing an elephant in the dark, then how about we take a phased approach?
- TAC discusses and creates a set of questions for each Technical Initiative to complete, including: what is the current charter, who is the point of contact, and what are current gaps/needs.
- TAC passes these questions to the Technical Initiatives, collects responses, updates GitHub repo.
- TAC identifies a cadence for regular reviews with each Technical Initiative (quarterly? semi-annual?) and begins to schedule with the primary point of contact for each.
- After a first review is completed with each Technical Initiative, and the new TAC members all have the same information as a starting point, then the TAC revisits the broader questions raised here around funding, oversight, and the TAC<->TI relationship.
from tac.
I spent a little time looking at everything the OpenSSF has in this space.
(side note, there are 38 repos in the ossf github org. It's sort of hard to navigate)
I want to start with the charter. This is the only one I could find
https://cdn.platform.linuxfoundation.org/agreements/openssf.pdf
It's clearly for members to review; the actual charter is pages 6-13. It would be handy to have a nicer copy of the charter available.
The charter calls out the TAC as "Technical Advisory Council", but in many places I've seen it called the "Technical Advisory Committee". I assume we should use the language in the charter.
The charter has a section about committees, but nothing about working groups. I suspect the first point of clarification will be: is a working group a committee? If working groups are committees, that charter section should be reviewed (section 4).
from tac.
Hi all,
I'd like to point out that the proposed project lifecycle is very similar to the one Hyperledger started with 6+ years ago. We eventually renamed "Active" to "Graduated" because the term "Active" turned out to be very confusing. Indeed, we had (and still have) several projects that were effectively active but didn't meet the requirements to get out of Incubation (getting enough diversity is typically the blocker). If the intent is to eventually use the same project lifecycle for WGs and projects, I think this is a situation we may face in OpenSSF too so I would suggest we save ourselves the trouble of changing later and simply go with Graduated now. It's a term used in other LF projects such as CNCF.
For reference, see the Hyperledger project lifecycle. You'll see that we added several other stages in response to various situations we ran into. I'm not suggesting we adopt all of these now though. But changing names is always a pain so the sooner the better.
from tac.
> The charter calls out the TAC as "Technical Advisory Council", but in many places I've seen it called the "Technical Advisory Committee". I assume we should use the language in the charter.
I agree, because the charter is under the control of the Governing Board, so changing it requires GB approval. It's not necessarily hard to do but it's typically more work. :)
from tac.
Here is the history of how the CD Foundation handled a working group moving to a project vs onboarding an existing open source project being added to the CDF.
from tac.
This has been documented here: https://github.com/ossf/tac/blob/main/process/project-lifecycle.md
from tac.