-
Notifications
You must be signed in to change notification settings - Fork 631
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
TUF Graduation PR #166
TUF Graduation PR #166
Conversation
Signed-off-by: Justin Cormack <[email protected]>
Tweak the organizations
alphabetical ordering of organizations
The TUF-variant Uptane is an extremely important technology in the automotive space, providing a secure way for software errors in automobiles to be securely fixed in the field. TUF provides the back-end security for Uptane and is essential to making the system work in a secure way so that even if an attacker compromises a server or a key, there will not be a loss of life. With at least one major OEM adopter in the US, Japan, and Europe, in a few years Uptane will be on about a third of new cars on US roads and is quickly on its way to becoming the de facto industry standard. |
Looks good to me. |
To reiterate @iramcdonald and @abecherer, TUF has been deployed to protect diverse environments ranging from the cloud (Datadog, Docker, IBM, Microsoft, Red Hat) to automotives. I am heavily involved with the project, but this should not discount the conclusion that it is high time for TUF to graduate on the CNCF. Please let us know if anything is blocking it, and what we can do to fix it. Thanks very much. |
As the tech-lead for IBM Cloud Container Registry I'd just like to chime in and confirm that we run the TUF based Notary in production, as a public service and fully support TUF's graduation. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Further revisions...
At the time of CNCF adoption into incubation, the only cloud native production use was in Docker and AppContainer. We had some footprint outside of the CNCF in LEAP and a few smaller projects. While in incubation, we have had adoption by Microsoft, Datadog, Google, IBM, RedHat, Cloudflare, DigitalOcean, VMware and many other companies. The TUF variant Uptane has also been adopted widely outside of the cloud native space, especially in the automotive space where it is an IEEE/ISTO standard and is hosted under the Linux Foundation's Joint Development Foundation. I've added text to this effect in this PR ( 4ed9c8b ).
I've added text to help address this in the PR ( b969c7b ).
We didn't do a DD writeup when entering the CNCF because that wasn't part of the process then. Here is the PR w/ documentation which may have helpful information. #38 I hope this helps to clarify things. Just ask if you need more from us! |
I don't particularly think it matters who or where the community is gathering, so long as there is a community, it's open to people to join, and people can find it. Is the mailing list in the NYU lab the same as what's listed on the README? I also think it would be OK in the Graduation PR to document the current levels of activity but to acknowledge that since the spec is stable, community activity levels are currently low. But IMO it should be documented so that when TOC members read this PR document to make a judgement on their vote, they know what the situation is. |
The Governance documentation defines a Consensus Builder and refers to a CB term, but I couldn't find where that term was defined? |
Signed-off-by: Justin Cappos <[email protected]>
Thanks @JustinCappos and TUF team for the revisions on this proposal. I believe TUF meets the graduation requirements so I’d like to call for a vote @caniszczyk @amye |
+1 binding TOC votes (6/9): |
No description provided.