add Notary Project annual review doc #1187
Conversation
Signed-off-by: Feynman Zhou <[email protected]>
|
@TheFoxAtWork Could you pls help review this PR? Thanks |
|
@FeynmanZhou I've asked another member of the TOC to review as they will have a fresh set of eyes. If not done by next week I'll pick this up. |
There was a problem hiding this comment.
@FeynmanZhou Thank you for submitting the Notary Project review to the TOC as requested.
I have reviewed the content and the audits and have the following feedback/recommendations for the project:
Review Summary
The 2023 Annual Review as presented by the Notary Project reflects a mid-level Incubation Project not yet ready for Graduation. The recent iteration of the project goals and scope, as a result of clarification request of the TOC, set a more clear path for the Project. Community growth and development appear to be slow, but progressing - this is not uncommon for projects in specialized technical areas. The project engages in long term planning and has a comprehensive project board that tracks this and reflects ongoing and active development towards versioned releases. Adoption of the project is slow, as evidenced by the limited pool of adopters. The project is self-aware of their needs, but will need heightened focus on technical community and adopter growth and development in order to be ready for graduation (among many other maturity areas in need of further advancement).
Recommendations
-
The project should engage in focused efforts to increase awareness and understanding of the use cases where Notary Project and its sub-projects may provide value to adopters. This may done through CFP submissions to KubeCon Cloud Native Con that highlight interoperability of the Notary Project with other projects in the ecosystem to solve known challenges of signing and verification experienced by adopters.
-
The project experiences adoption by a limited set of vendor organizations and does not appear to have obtained an end user adopter. The project should reach out to its existing community to identify any organizations, anonymous or otherwise, that are using the Notary Project in any capacity and request feedback. It is also recommended the project reach out to CNCF for support in understanding End User needs for signing and verification to close any gaps that may be inhibiting broader adoption. This is essential for viability of the project to achieve graduation status.
-
The project is also recommended to re-engage with the Security Technical Advisory Group to discuss the current direction of the project in an effort to identify other projects in the ecosystem that Notary Project can provide value to upon integration. It is also recommended that Notary Project apply for ContribFest at the next KubeCon Cloud Native Con where it is available in order to attract potential contributors in advancing the project's maturity and use cases.
-
Technical writing support may be requested through the CNCF service desk by project maintainers and must be clearly scoped. Subject to CNCF resource availability.
|
@cncf/cncf-toc I need one additional TOC member to review. |
There was a problem hiding this comment.
I agree with @TheFoxAtWork and want to add some additional guidance. To grow in terms of users and awareness you can try some things such as:
- Speak at conferences beyond KubeCon/CloudNativeCon such as Rejects.
- Get on cloud podcasts to talk about the project
- Write blog post and articles where your target audiences tend to read
I simply want to impress that going beyond the typical cloud native channels can raise awareness.
When you communicate about Notary it would be useful to talk about where one would use it compared to a different tool in the ecosystem. End users will be looking at the various tools and trying to choose. Helping them navigate that decision will be helpful.
|
With the 2 approvals we can merge. |
|
Thanks @TheFoxAtWork @mattfarina for providing valuable suggestions. We will share these with other Notary Project maintainers in the community and discuss our actions based on your recommendations. We will reply to you in a couple of weeks. cc @caniszczyk |
|
FYI projects can always submit things to the CNCF blog: https://github.com/cncf/foundation/blob/main/online-programs-guidelines.md Thanks for these detailed recs. |
Resolve #1018