 Yeah, welcome everyone so Yeah Please No, I was just going to say yeah, we are here today representing the CDF TOC Yes, so we wanted to give you an opportunity to meet us and ask questions So Yeah, I mean I can I can say Well, let's let's first start with a round of interaction, right? Yeah You want to get so Steve Taylor I'm from the deploy hub part of the Artilius project that's under the CDF and Trying to think what else I got going on just a few things And also on Persia as well done work on those two projects under the CDF That's who I am Hello, okay. I'm Melissa McKay. I am I have a developer advocate with JFrog JFrog is a member of the CD foundation and I was I think at first appointed and then elected by the governing board How that works anyway? This was a really cool opportunity because not all of the TOC members are here But enough of us were here at this conference We thought this would be a really good idea to everyone get together Thanks, and I am under the Fritoli I work for IBM. I'm a developer advocate. I am a maintainer of tecton and CD events project within the CDF and Yeah, I was elected to the TOC as a project representative for for tecton and you're also the What are we calling you now the chairman of the TOC and I yeah, I also elected the chair as the TOC so I serve as as chair and Yeah, so maybe just a couple of words about how the TOC is structured so we We have four members Which are elected by the the maintainer or the contributor community within the CDF So everyone that contribute who contributes to the technical project hosted Within the CDF can vote and select for representative of the TOC Then we have three representatives in the TOC which are chosen by elected by the governing board Melissa and finally we have two of the representative on the TOC which are Part of the end user community So we have end user company which are members of the CDF and they select two individuals to join the TOC For one year term Yeah to represent the end user community Yeah, so I put up Like the charter of art. It's under the CD foundation TOC repo, but basically to give you an idea of what we do we're as a TOC We are responsible for collaboration with between and among the technical projects hosted within the CDF So we are also responsible for the life cycle of this project So making sure that we review application for projects entering the CDF And helping them grow through the CDF and get to a graduations graduated state Yeah So probably one of them like a couple of the most important documents if you're a project or you're interested in how projects join There's the project life cycle documentation that tells you you know all of the criteria in order to submit your project to the CD foundation and then there is a Like a project proposal that comes even before then if you're interested in a particular project joining That includes all of the specifications that you need to get set up before you're accepted to the foundation All of us in the github repo by the way, yeah, there's a CD foundation repo There's a TOC section underneath of that and all of that documentations in there and one of the things that we are Constantly doing is looking for new projects that we can bring into the the CD foundation And even if we have some projects that we'll share with from like the CNCF or the open SSF So for example, we have a supply chain working group in the CDF that is Kind of crossing over with the working groups from the open SSF so we I think we technically At the TOC level Have the oversight over the working groups as well and keep an eye on what they're doing At that level. We're currently going through a process of making sure There's project representation That we know who like the the contact person is for all all the projects that we have out there Even though it's not that many it's amazing how quickly people move around and we're constantly You know going through and making sure we know who's who's doing what what the projects have going on if they need any help in marketing You know those type of things if they need help and getting presentations together That's one of the things that were kind of responsible for Cool. Shall we open it for questions? Do I think Robert had a question they wanted to No, my question was what is the CDM TOC do? Well, they answered it which was what is what's the TOC do and you all nailed it. Yeah, another thing we do we kind of Start or help like technical initiative within the CDF community So we have what they're called special interest group and We have a few different topics and those are communities that within the CDF that come together to discuss things like interoperability event supply chain and Yeah, we have MLOPS interest group as well So and we have sponsors within the TOC that each sponsor is responsible for one of this group I just want to make a comment as a developer I worked in a cycle for many many years. I didn't really pay attention to governance or Foundations or whatever, you know, I just went to my job. I did my job I used whatever libraries were available to me But one of the questions that I got answered immediately is why why do we care? why would we submit a project to a foundation at all and the biggest reason that Was important to me as a developer is when I bring in another project to my own project And I rely on it for my own success of my own development. I There's a certain amount of trust I need to have that that project is going to be Active tomorrow, you know that there's going to be someone I can contact if there's a problem Or if there's a feature Especially an open source if there's something that I would like to discuss Committing to the project, you know, I want to be able to do that and being part of found it of a foundation There's a certain amount of vetting that takes place already When the project is a part of the foundation that I don't have to do myself as a developer when I'm considering tools for my own project So that was something that I really appreciate and one of the vetting things that we do is initially when a project comes in They need to have governance they need to show proof of activity and proof of A collaboration between several different people not just one person, you know committing everything for the project. So pretty good stuff And also on that that front we like with the CD events the CD events originally started out as just a working group and That working group grew big enough and had enough interest And they finally got to a point where they could see a deliverable that was going to come about and The TOC worked with the that working group to convert it into a an official project under the CD foundation So things like that will happen as well. So if you have some particular interest Topic around the the pipeline world or the this integration or the delivery side Doesn't really matter. We'll take a look at it and see how we can help you out on that front and one of the things if you are interested in Checking out what's going on If you go to the CD foundation website You'll find our shared calendar. So most of the projects will put their meeting times out there out on the shared calendar and Make sure you scroll because depending on which time zone you're in You'll find different things, you know, we we try to adjust to have things like on the Ortega side, we have Typically meetings early in the morning in the states to help Meet up with the folks in India that are in the evening, but then we also have another group that's in Australia and So we have a second meeting to deal with that. So just when you go to the counter Make sure you look through all the different time slots throughout the day. I Have a question. Yeah. Yeah. Thank you. So my name is Enrique I have been attending some of the TOC meetings for the last month and also been participating on the outreach committee Representing project shipwright. So my question is about Which is a criteria for graduating a project for example from incubation into the next step? Right. Yeah, you wanted to take care of that. And Since you went through it recently with that time. Yeah, as we went through that last last fall last autumn in for tecton, so There are several type of requirements And that span from like best practices and so we use like the open SSF batch program And so that's something that the project at least that the major project within your larger project should comply with and that brings a lot of requirements in terms of like How your governance is documented so you must have like public governance documentation. You must have Good release documentation So that if someone wants to to consume your project, they know where to find releases how often releases will happen and so forth And there is also requirement that is external to the open SSF to at least have a plan for having long-term support releases That's something that we started doing for instance protect on as a to match this criteria So on top of the open SSF badges, well as part of the open SSF badges, also It's there are a number of like security requirements, so you must have like one person within the project that is like the at least one person with security experience that is like the security point of contact and certain best practices and that also does in tecton to set up like Extra CI job and checks to make sure that security was Complied one requirement also related to security is to have security audit or recent security audit for done for your project And then yeah, so adoption and it's also one of the requirements So you need to demonstrate that the project has been adopted by certain number of users Also things that counter like other projects building on top of your projects. That's also a good sign of healthy project that is and then for for a graduation and Did I miss? That security audit was done by a third party. Yes, so the security audit for tecton was done by a third party trade of bits, I think was the name of the company and Yeah, so it was arranged and paid for by the CDF for for tecton So but it was an independent company and they've been working with a lot of project Projects in the CNCF as well So and is that is that independence a requirement because the Jenkins project for instance did not use an independent Auditor to do this security assessment is that something that projects can do a self-assessment From my understand in the The life cycle project So you in the in the CDF. We don't have a sandbox like in the CNCF So you start out as incubating and then you go from incubating the graduated We haven't had the need at this point to introduce a sandbox Level a part of the life cycle. So you start out at incubating then you go to graduating and in that life cycle document It talks about the the third party is needed and like what Andrea said it was paid for by The CDF to get that done so it wasn't something that like a company had to step up and do now I believe with Jenkins Because Jenkins was like one of the original founders of the the CD foundation I think they already had the security audit done and Jenkins kind of came in pretty close to being graduated with a lot of the criteria already in place So that's kind of like the the historical part of the the Jenkins side Yeah, I mean Jenkins has got a security team of four or six people So we it's not a question of compliance. It was rather of oh Did we miss something that we need to go get somebody to do this for us be yes We've got a security team and we've got a security officer and we've got all sorts of all manner of stuff like that, okay Thanks, I like that both of you mentioned that that was paid for by the CDF So another benefit of being a project within a foundation is you get a lot of support like that And that's part of what the TOC is supposed to do is if a project has infrastructure needs or You know finance concerns we can take that information to our budget committee and figure out what we can do to help And it was interesting when When we first started working with Oleg and the Jenkins side We found that a lot of the Jenkins infrastructure was on Koski's credit card So we had to do some work on that front to to get things moved around and when we actually did that we actually found that we're able to do a bunch of cost savings and one of the cost savings was to Utilize some of the github features Which is weird, but it was one of those things that we were able to offset just by Changing up some of the platform underlying platform stuff So and then there's other like on the artillery aside we Run our stuff in Azure. So we actually had the Linux foundation stand up Kubernetes in Azure for us I don't know what it was this tech on run and Mostly the infrastructure in Google. Yeah, yeah, most of the infrastructure is in GCP But we have now a billing account in GCP part of the Linux foundation group So and that's also something that the city foundation as to see we worked on to transfer the initial billing of the project into a CDF Linux Foundation account Yeah, and now Robert here is going to give us a screaming deal on all these platforms As as our our new go-to person for tools so and that's part of it is is as the These your individual projects come together. We are actually able to get better, you know Building prices and things like that as part of that and things like you know running SNCC Those trivy some of the insights you get from the LFX tools come into play as well As things kind of roll up Yep. Yep. He's just start over I had a Moment of jealousy yesterday when I was watching the graduation panel, but you hosted nothing and I'm Joe you're on it too, and I think it's when The guy from Codefresh his name is Dan Garfield was talking about Argo. It was kind of listening Oh, yeah, no Argo has got Argo CD and it's got Argo workflows. It's got the new Progressive releasing option and they've got events and just his ability to kind of describe Argo Argo in terms of an end-to-end reference architecture to do Get ops was like, oh man, that's nice and I've been wondering if there is an opportunity to Think more about how to describe the individual projects within CD foundation as part of a broader reference architecture that covers sort of CI CD and to end Related to this. I'm also wondering if we Because I'm all about tecton all the time if we Reflexively think about other projects as often as we need to For example, we're talking a lot about Artifacts and tecton like you described this morning on chair, which is really important to tecton But I think that so far everyone at Google who's thinking about artifacts and how artifacts should be built and what tecton Building looks like probably doesn't know much about chip, right? Or thinks about it too much, which is which is bad, right? Like we should that should be sort of Front and center in our thinking about the design of how to build things is sort of prior art that exists within the foundation, right? So that's not a question. That's but I guess what I'm yeah These are things that I guess the as as the body responsible for making sure that projects are talking to each other and Leveraging each other. These are some of the things and focusing and one of the things we've Started this year is to we've actually set out a calendar to have all their projects kind of present the roadmap and the status to the TOC so we can get a better idea of what's happening on for each one of the projects and Based on that we'll be able to figure out how we can You know make sure that not like not necessarily talking to each other But understand what's happening with each one of the projects at that level. So we are starting there to go down that road and in Trying to get the sharing between the different teams and the different projects happening Does it make sense then after you're done with each project to have all the projects come together and then you like to Based off of what I was saying like I mean It's great that you guys know and that the individual projects are telling you but to his point if they're not talking to each other Then it's a loss So is that like the end goal is like have them all kind of get you up to speed and then bring them all together and You know with their main maintainers or project reps and then go forward. I don't we haven't thought that far ahead I don't think No, but one of the things that you also you were mentioning Steve earlier is that We we have project representative now for each project and they are invited to to the TOC meetings So the TOC the meetings first of all are public everyone can join but we have like a specific representative for each product and I think we have been having quite a good attendance from the beginning of 2023 about 75% I think was last time I checked on their project Representative joining the the TOC meeting so that means that when the other project come and do their presentation At least one person from each of the other project is aware of what it's going on And that's hopefully triggering this kind of conversation like I was mentioning that in the Teckton designing artifact should be aware of other projects and what they are doing in that space so that we can have this kind of conversations Yeah, yeah, all right. So let me give you a concrete example of this so Earlier this year we had our friends at Apple Said well, we really want spinnaker to support CD events that be handy for us All right, cool, and then our friends at Fidelity said wow, you know, we really like CD events in Jenkins These are good things. So notice that this came from I mean these are folks that work closely With CDF TOC but this can come from anywhere in the community So if you have an example anybody has an example of wow, I really wish these two projects did X together Let us know Let the project folks know This is you know, I really got a problem with the whole technical oversight And I really believe strongly that it should be like technical nudging committee Where it's like hey, you know That's what the open SSF goes under is the tack. I don't know does anybody know what the CNCF calls it That's TSC. Is it a TSC? Yeah, there's there's also steering. Yeah, wait, but you again Nudging nudging. Hey, you know, so you can tell we're we're definitely developers because we just go copy repos Do a search and replace and call it ours. So That's us We try not to reinvent stuff and just do the copy part so And that and because of that it is an evolving process, you know, we know that we don't have everything right And when people point stuff out we go and try to fix it. I Know initially before I got involved with the committee itself I was nervous about even joining a call like that like is it secret Is this all stuff that happens that is you know, am I going to be a complete stranger? It's like walking into a room and nobody knows who you are, you know But I think one of the most important things you said is that these meetings are public You do have a voice. We do want to hear it They're recorded too. So if you're curious what a meeting sounds like or what is talked about that's all out there on YouTube and A set of really good notes. I think Andrea is probably the best note taker You're not allowed to go anywhere So, yeah, so if you're curious about the next agenda that we have for the next TOC meeting take a look at it and show up Okay Is there anything you need to share with regard to elections that are upcoming? I think I've seen election announcements What was that floating around? So there is a TOC group Google group email list and also there's just the the CDF Group email list as part of that We have the slack channels that are out there For the for the TOC for the CDF So all those can be found off of the CDF website But which elections are going on now? Yeah, so we just completed the end user representative election so we have to new representative Neil from Fidelity and that is you from Apple that joined us And we have now the yeah project representative elections coming now. I think nomination Oh, yeah, okay, so we have the the extra one So the slack workspace, I know it's you're like just another slack workspace But it's the best place to just get like the concise information with the links to everything So the CDF TOC project reps election process started May 4th and now we also have the general and end user member nomination period that starts and then the election nominations and May 16th and voting starts on the 17th So there are plenty of opportunities for you to get involved in a level where you have a seat at the table in addition to just You know joining the meetings and and raising your hand and having a voice So you can take your level of volunteerism Wherever you'd like to go and there are guidelines and it tells you like what you're eligible for and what you're not eligible for Based on if your company is a member or a company is an end user member or if you're just a member of the community I know that's like a lot of uses of the word member But that's why I'm saying just like click a link and it'll tell you all the good stuff You have to register to vote too So the way the voting works is that it they're gonna it's gonna look at your LFX tools is gonna look to see that for each project that is voting for their member rep You have to have at least ten commits Over the course of a year and if you don't if you're doing something else that you're being involved with it doesn't require it There's gonna be a form and I thought the form was supposed to go out by the 15th I know it's not live. It wasn't live last week So I thought the form went out on the 15th So we probably should check and make sure because the form says I do I want to be able to vote even though I don't have ten commits so that comes in the play like we have folks that do Blogs podcasts those type of things that you don't obviously don't have a commit for a podcast So we want to make sure those people are Able to participate and that's where that form that Tracy is talking about is out there Yeah, and on the CD don't foundation website Yeah, you can find in the top corner all the links to the slack and all the communication channels Anything else? I think we've got to wrap up here pretty close. Yeah, you're about the time Well, thanks everyone