►
From YouTube: CNCF TOC Community, Projects & Lessons We're Learning - Liz Rice AquaSecurity | OpenShift Commons
Description
Keynote: CNCF TOC Community, Projects & Lessons We're Learning
Liz Rice Aqua Security
OpenShift Commons Gathering on Community Development
June 15, 2020
A
Hey,
let's
see
whether
I
can
drive
my
sides
roughly
yes,
I
can
okay,
no
I
thought
if
we're
gonna
just
talk
a
little
bit
about.
You
know
the
community
at
the
CN
CF
and
some
of
the
things
that
the
TRC
has
had
to
kind
of
deal
with
and
in
particular
the
scale
issues
that
we're
trying
to
deal
with.
But
if
we're
going
to
talk
about
the
CN
CF,
we
have
to
just
pause
on
what
the
CN
CF
is
here
to
do.
A
This
is
the
screenshot
of
the
home
page
of
the
CN
CF
it's
about
cloud
native
software.
We
could
probably
spend
half
an
hour
talking
about
exactly
what
that
means.
The
definition
is
three
paragraphs,
long
I
think
in
terms
of
being
a
welcoming
community.
It
has
been
brought
to
my
attention
just
in
the
last
couple
of
weeks
how
that
description
is
actually
quite
off-putting
for
people.
So
something
I'd
like
us
to
think
about
is
how
we
can
make
that
come
up
with
a
definition.
That's
both
accurate
and
not
off-putting.
A
You
know
welcoming
to
people
are
also
about
sustaining
the
ecosystem
around
this.
This
is
about
the
project.
It's
about
the
users
for
those
projects,
it's
about
the
vendor
community
that
fund
all
of
this.
You
know
we
have
a
lot
of
different
and
different
subsets
of
our
community
and
different
sort
of
interests
that
we
need
to
cater
for
and
we're
trying
to
balance
those
interests
that
that
city
is
good
for
the
project
and
the
end-users
and
the
vendors
okay.
A
A
Another
is
that
the
CN
CF
should
represent
a
strong
technical
identity
that
we're
very
much
about
this
software
that
we
call
cloud
native.
What
does
that
mean,
and
what
does
that
require
from
different
projects
in
order
to
meet
that
identity?
And
it's
not
an
easy
thing
to
turn
into
a
bunch
of
checkboxes
and
I?
Think
that's
one
of
the
challenges
for
the
TOC
and
the
TOC
community,
the
internalized.
What
this
identity
is
and
figure
out
how
our
projects
can
fit
with
that
identity?
A
A
How
do
we
foresee
this,
this
landscape,
this?
This
stack
again,
I'm
not
going
to
dwell
on
all
of
the
different
bullet
points
here,
but
the
thing
that
I
did
want
to
highlight
here
is
that
we're
looking
for
these
high
quality
high
velocity
projects
they
in
particular
those
first
two
words
high
quality.
A
It's
not
enough
for
a
project.
You
just
be
cloud
native.
We
also
have
this
sense
of
no
kingmakers
I
nearly
highlighted
that
one
as
well,
but
we
are
not
trying
to
offer
choice
end-users,
but
we
somehow
have
to
figure
out
what
that
high
quality
aspect
means
high
velocity
probably
means
that
it's
evolving
fast,
that
it
has
lots
of
contribution
contributors.
It
has
lots
of
end-users
that
it's
evolving
towards
its
kind
of
product
market
fit.
A
You
know
approaching
that
well
and
fast,
as
I
say,
the
high
quality
bit
is
pretty
hard
to
measure
if
I
kind
of
put
those
together
what
the
TOC
community
has
to
try
to
do.
One
of
our
main
roles
is
assessing
projects
for
whether
or
not
they're
high
quality
within
this
boundary
of
what
cloud
native
means
and
what
this
wrong
technical
identity
means.
A
Native
projects
are
known
for,
being
scalable,
being
API
driven
being
dynamic.
So
that's
the
kind
of
thing
that
we're
looking
for
from
this
identity,
but
it's
not
a
checkbox
exercise,
particularly
at
what
we
call
the
incubation
stage.
There's
this
really
significant
amount
of
due
diligence
that
the
toc
engages
in
reviewing
the
project
documentation,
trying
the
projects
out
interviewing
end-users
to
understand
their
experiences.
A
Looking
at
the
code
assessing
the
way,
the
project
governed
and
trying
to
make
sure
that
it
meets
the
CNCs
non-technical
requirements
as
well,
the
things
around
open
governance
and
neutrality,
and
we
do
get
help
from
the
DNC
eff
staff
office
with
some
of
that.
But
in
the
end
the
TOC
is
the
group
that
gets
asked
to
make
these
judgments
there's
a
lot
of
work
here.
A
This
is
you
know,
it's
non-trivial,
to
assess
these
projects,
which
leads
us
to
the
issue
of
scaling
the
issue
of
how,
in
such
a
successful
foundation
where
we're
growing
the
number
of
projects
is
growing.
We
know
we
still
have
gaps
in
the
landscape,
but
we
do
have
this
increasing
number
of
projects
we're
at
almost
50
projects
in
the
CNC
F
now-
and
you
can
see
by
the
graph
that
the
the
number
that
have
graduated
has
been
growing.
A
A
So
that's
if
we
wanted
to
try
and
assess
all
of
those
projects
at
incubation
level,
that
would
be
a
large
large
large
amount
of
work
and,
in
addition
to
the
sandbox,
we
have
projects
increasingly
wanting
to
move
up
between
sandbox
and
incubation.
But
right
now,
there's
not
quite
a
half
but
I.
Think
about
40%
of
the
number
of
projects
that
want
to
be
assessed
is
about
40%
of
the
total
number
of
projects
on
the
to-do
list.
A
So
it's
a
lot
of
stuff
out
there
looking
to
be
assessed
in
one
way
or
another,
and
that
is
really
hard
to
reconcile
with
this
principle.
All
fast
is
better
than
slow,
so
I
guess
the
over
a
year
ago.
Well,
we
had
the
technical
Oversight
Committee
as
one
of
the
kind
of
three
pillars
of
the
CNC
F.
We
added
in
the
6
and
the
6
has
been
hugely
useful,
really
useful
resource
of
having
this
amazing
group
of
people
who
have
much
more
in-depth
knowledge
of
certain
areas
than
some
of
us
do
on
the
TOC.
A
Lots
of
us
have
individual
focuses
on
particular
areas,
but
we
can
broaden
out
beyond
our
11
members,
to
these
amazing
people
on
the
SIG's
to
try
and
help
us
with
this
and
try
and
help
us
cope
with
this
backlog.
That's
been
building
up
of
assessments
and
more
people,
it
assists
more
expertise.
It
gives
us
more
time.
I
think
this
is
worth
mentioning
in
terms
of
community.
Most
of
us
are
doing
these
roles
in
the
TRC.
This
is
certainly
true
and
I.
A
Think
across
the
SIG's
I
think
across,
and
you
know,
kubernetes
sakes
I
think
across
a
lot
of
projects,
people
are
paid
I,
think
most
contributors
are
probably
being
paid
by
an
organization
to
do
a
job
but
they're
not
necessarily
being
given
a
huge
amount
of
time.
The
work
on
CNCs,
specific
things,
a
lot
of
us
have
you
know,
full-time
jobs,
doing
proper
engineering
and
with
working
around
that
they're
being
able
to
recruit
time
from
a
bigger
pool
is
hugely
valuable,
but
it
also
means
that
we
have
increased
divergence
of
opinions.
A
You
know
what
do
we
mean
by
how
equality?
What
do
we
mean
by
cloud
native?
How
do
we
even
draw
they're
kind
of
bars?
What
what
bar
should
we
be
drawing,
and
the
underlying
problem
that
we
have
to
face
up
to
you
is
that
it
can
be
more
confusing
for
projects.
This
is
something
that
I
think
you
know
we're
recognizing.
There
is
a
balance
here
between
leveraging
all
this
amazing
expertise,
but
also
just
it
being
more
confusion
for
for
the
project
and
the
increasing
number
of
projects
out
there.
A
So
this
is
one
of
the
reasons
why,
in
the
sense
EF,
we
are
simplifying
or
we're
experimenting
with
simplifying
the
sandbox
process
and
I
think
we're
trying
to
do
this
by
reducing
significantly
the
amount
of
assessment
that
we'll
do
at
the
sandbox
stage.
We
might
still
be
saying
if
we
don't
think
they're
like
a
fitful
cloud
native.
A
You
know
this
isn't
going
to
be
a
catch-all
or
every
single
open
source
project
we
want
to
be
able
to
have
some
feel
that
it
is
a
cloud
native
project,
but
we're
not
going
to
give
any
guarantees
to
end-users.
We
never
have
given
guarantees
to
end
users
about
sandbox
projects,
but
it's
always
been
very
confusing.
We've
had
handles
projects
leveraging
the
CNCs
name
to
promote
their
projects.
That's
one
of
the
reasons
why
it's
been
so
popular,
not
necessarily
good.
For
those
end
users
who
are
really
important
constituency
of
our
community.
A
So
we're
going
to
try
really
hard
with
this
built
evolving
sandbox
process
to
clarify
to
users
that
there
is
no
due
diligence.
That's
been
done
on
these
projects
that
we
believe
their
cloud
natives,
but
we're
really
not
assessing
them
in
any
further
way,
and
this
is
very
much
working.
Progress
we'll
have
to
see
how
this
evolves
I
think
it's
potentially
going
to
be
painful.
Every
process
change
is
a
bit
painful,
but
I
hope
that
it's
going
to
enable
us
to
improve
the
scale
with
which
we
operate.
A
Why
they've
been
not
accepted.
We're
trying
to
improve
those
elements.
We
hear
a
lot
about
that
and
it
worries
us.
I
always
want
to
close
on
the
fact
that,
although
there
are
floors
and
lots
of
things
we
can
learn,
the
ncfd
is
doing
a
lot
of
good
things
for
a
lot
of
projects
and
making
those
projects
available
and
raising
the
awareness
of
them
a
lot
of
end-users.
They
I
think
overall,
as
a
community,
we
are
doing
good
things
and
with
that,
I
will
wrap
up
there
and,
like
it
make
sense
well.
B
Think
that's
the
thing
that
that
I
want
to
stress
too,
is
that
this
today
is
really
talking
about
how
the
lessons
that
we've
learned
along
the
way
and
what
I
think
is
wonderful
about
the
CNC
F
is
your
ability
to
understand
when
things
are
going
awry
and
needing
to
change
processes
and
adapt
to
the
environment.
The
sandbox
example
is
a
very
good
example.
B
From
my
perspective,
it's
probably
the
right
move,
it's
very
hard
to
remove
the
the
branding
of
CN
CF
as
if
it's
a
blessing
on
a
sandbox,
but
that's
going
to
be
tactically
a
hard
thing
to
do,
because,
and
that's
really
one
of
the
things
it
does.
One
of
the
conversations
and
I'm
going
to
unmute-
or
just
so,
we
have
a
few
minutes
to
wrap
up
that
Alois
and
Aaron,
and
your
your
fellow
AMA
and
Brian.
B
What
we
were
talking
about
a
little
bit
before
you
came
in
was
from
a
community
development
process.
A
lot
of
people
managed
to
make
it
through
the
CNC
F
incubation
get
incubation
in
sandbox
and
they
think
this
is
an
instant
karma
thing.
They're
all
the
we're
going
to
get
all
of
this
wonderful
new
new
information,
new
community
members,
new
contributors,
new
engineers
working
on
their
project
and
that
much
sometimes
to
their
shock
and
demap.
You
know
surprise
they
don't
get
that,
though
the
TOC
is
about
vetting
and
and
doing
this.
B
But
the
component
that
seemed
to
me
to
be
missing
is
the
coaching
on
how
to
develop
communities
once
you're.
You
know
once
you're
in
the
door
and
I
wonder
if
you
can
address
that
just
a
tiny
bit
here.
You
know
what
the
CNCs
perspective
is
on
whose
responsibility
it
is
to
do
the
Community
Development.
Once
it's
gone
on
yeah.
A
You
know
the
amazing
things
that
the
kubernetes
community
did
in
terms
of
recruiting
people
on
there
I
think
it's
I,
don't
know
how
many
hundreds
of
thousands
of
people
they
have
who
have
contributed
to
Cuba
Nettie's
they've
been
so
successful
in
that
onboarding
of
contributors
like
we
have
to
be
able
to
learn
some
of
that
goodness
for
other
projects,
so
super
excitingly
when
Paris
suggested
hey.
Do
you
think
we
could.
A
Sometimes
projects
don't
necessarily
want
to
that's
a
whole
other
question,
but
where
they
do
I
think
that
cig
resources
from
CNCs
staff,
just
recognizing
that
you
know
it's
all
well
and
good
us
talking
about
things
like
mutual
governance,
but
people
need
to
be
able
to
recruit
maintainer.
So
how
do
they
do
that?
What's
the
what's
the
process
for
making
your
project
seen
welcoming
and
exciting
we're
going
to
try
and
improve
that
we
prove
the
education
process
for
that.
B
C
So
everything
that
Liz
says
and
I
mean
I
will
do
chime
in
and
diagnose
this.
There
is
lots
of
people
from
lots
of
places
with
lots
of
priorities
and
lots
of
constraints,
and
we
need
to
realize
that
that
it
does
take
all
types
to
build
this
community
that
we're
trying
to
build,
and
sometimes
from
your
point
of
view,
this
is
the
best
thing
and
the
most
right
thing
ever
doesn't
fit.
You
know
where
the
TOC
is
or
where
the
sig
is
or
where
the
community
is,
and
it's
difficult
and
frustrating,
but
I
mean
I
watched.
C
What
liz
is
doing
and-
and
we
just
need
to
first-
have
a
process
and
then
follow
that
process
and
I
think
over
time.
It'll
it'll
smooth
itself
out
because,
right
now
it
is,
it
is
difficult
and
I
can
see
why
people
would
look
the
other
ways
or
thinking
that
something's
negatives
going
on
so
special
people.
To
keep
that
in
mind.
B
D
D
The
other
one
I
always
he
saw
this
approach
and
that's
been
my
role
on
both
sides
here,
but
I
mean
to
be
to
be
to
be
totally
blunt
here.
If
you
didn't
want
to
get
into
the
scenes,
yes,
that
the
provost
might
be
taking
it
as
long
as
the
scenes
yes
is
growing,
it
has
to
to
adjust
it
shouldn't,
really
hold
you
approaching
back.
You
should
still
be
working
on
your
project.
Building
on
community
working
with
your
end
users,
and
waited
list
mentions
like
to
continue
to
spread
it
to
me.
D
If
there's
a
CNCs
calendar,
it's
a
public
meeting,
so
even
I
just
might
be
like
a
public
seek
without
even
if
you're,
not
a
CNCs
project,
you
can
still
join
the
meeting
if
you're
part
of
the
CNCs
and
learn
from
people
there
and
just
people.
So
much
thinking
like
through
this
badge
of
honor
from
the
CNCs
that
there
is
you
yes
project
that
and
they
start
working
it
out.
D
It
helps
you
in
certain
situations
like,
for
example,
if
the
company
is
like
it
is
from
wanting
to
work
on
something
together
in
order
to
build
a
project.
It
would
be
incredibly
hard
for
us
to
do
this,
but
still
first
people
need
to
agree
on
a
common
agenda
and
so
forth,
and
then
the
disease,
the
analyzing,
might
be
the
icing
on
the
cake
and
those
event
projects
come
in
there
early
when
we
can
it's
great
to
have
continuity
there,
but
we
sometimes
just
try
to
do
as
well
as
the
sick,
cherries.
D
We
fight
a
connection
to
order.
Okay,
this
is
other
project
you
might
think
with
them.
You
might
talk
about
topics
with
statment.
It's
received
a
different
way,
so
something
well
never
thought
about
this.
Thank
you
for
the
end.
That's
what
we're
here
for
and
I
just
want
you
to
this
point
before
what
should
be
run.
That's
the
loan,
but
ending
of
leveraging
that
community
that
you
want
to
get
into
and
I
think
that's
what
you
very
quickly
see
also
for
people
submitted
projects,
I
mean
we
as
the
sick
chairs,
are
also
dots.
You
would
like.
E
E
Yeah
I
mean
I
I,
think
there's
a
lot
of
talk
around
intentions
and
motivations
and
I
sincerely
do
think
that
the
community
of
people,
both
TOC
chairs
and
big
chairs
and
everyone
involved,
has
the
best
intentions.
They
really
believe
in
the
community.
They
believe
in
open
source
and
I.
Think
you
know
that's
the
perfect
combination
of
how
we
move
stuff
forward
in
addition
to
the
community
building
I
think
it's
super
important
to
have
all
these
people
together,
singing
the
same
song
debating
things
openly.
B
I'll
take
the
last
word
and
Brian
Brian
actually
said
something
use
the
phrase,
end
user
and
one
thing
that
I
would
I
would
like
to
see
more
of
and
having
Paris
startup
the
contributors
strategy.
Cig
is
a
great
thing,
but
a
recognition
that
community
is
more
than
contributors.
It
is
the
end
user
community.
B
B
That's
an
offer
to
to
expand
the
horizons,
I
think
from
of
that
and
Thank
You
Liz
for
or
figuring
out
the
time
zones
and
for
bringing
the
TOC
clarity
there
that
that
I
think
everybody
is
looking
for
and
and
continue
to
evolve,
the
processes
and
the
people
that
are
involved
in
the
TOC.
We
know
it's
a
lot
of
work
and
we
really
appreciate
the
effort.