 We're recording. Okay, so I'm just going to quickly share this share my screen and just very quickly remind everyone of what we're talking about for review submissions. Is the project a fit for the CNCF, according to the charter and the TOC principles. I think things that we need to bear in mind for the charter and the TOC principles are largely is it cloud native. And there is a thing in the TOC principles about having a strong technical identity, so kind of not just any old project we are looking for high quality project. But whether or not we want to assess for quality at sandbox is a thing but if we really think it's not going to meet those goals we might want to discuss. Is the project roadmap in line with the goals of the CNCF does the project appear to be on a good path to being well governed and vendor neutral. Also remind ourselves that if we're going to reject so if we do vote no on any project we should make some notes about what the reasons were for voting no. Alright, with that in mind. Should we just work through the, I guess since I'm sharing I've got got a copy of the thing here. Should we start with Camus? Anyone got any thoughts or comments about this project? It's, it's difficult, I mean it's difficult to know if they've got what kind of governance at all there is or who I mean doesn't have a maintainers file, which makes it difficult. Yeah, as Michelle says don't have a code of conduct I mean how, how, how much are we going to ask for upfront for that for kind of structured governance and things like that. Well, didn't we ask for a link to. Sorry. I was gonna say didn't we ask for a link to the code of conduct for example in the form itself. Yeah, yeah, so we did. And this one says not found. No, right, right off the bat, right. Yeah, okay, so I guess, Amy, when you filled in the spreadsheet did you reach out to them at all because in this circumstance. Oh, these are the retrospective ones. Well, I mean I still say we say no long ago. Yeah, I think we still have to say no and then just provide good feedback and they can always reapply. Okay, so we can say no because no code of conduct, but you don't have to wait for six months which is our, the normal scheme of things. Yeah, I think given that yeah I think given that. Yeah, that makes sense. Yeah, the other thing I wanted to, when I was looking at this I saw the website and so on is quite soluto oriented so I think maybe if we're going to say no we should also give them some advice around making sure that they understand the vendor neutrality requirements. Michelle suggesting could would we just say yes if we add a COC. Just push it to the next review cycle and ask them to provide to provide more information I'm pretty sure it's not going to be the only one project that when I have information missing. Right, folks here me. Yes. Hey, so when I, when I talked to these folks like a year ago, one problem that I found with this project is they had no story around key rotation. Do we, and they didn't seem to care about that either. Do we do we know if that has changed here. I believe they have got a story on that now if I recall correctly from looking at it. Okay. There are other. I mean, there's also the fact that it's written in C sharp, which is kind of an unusual choice in our world. I don't know if we consider that just I think we should be very careful about saying things like that. Yeah, me too. I don't, I really would prefer not to get into the language game. Right. Okay. Yeah, I mean my, my main issue with this project was the key rotation stuff, which is it, I mean it sounded like a fine idea to me but the fact at the time that they hadn't even thought about it seemed odd. So I would just want to know that they are at least thinking about that. They did have a detailed threat model, which I thought was unusual for a project in this kind of stage which I was, but I didn't have a chance to read it all through and see what was in it. But I did think that they had actually spent at least spent some time thinking about what they would about those kinds of things so as I'm just looking at a PR that says add support. It's a merged PR and committees add support for automatic key rotation. Okay, cool. Sounds good. So actually, are we saying, do we, do we still want to say no sort at the COC and come back next time or do we want to hold a vote and say it's, if you add a COC you can, you can join. It sounds like you thought that there was too much vendor in there too, right which feels like something. Yeah, okay, so we should just get them to double check that they are happy with that and if they want to add a COC resubmit will do them next time. Yeah, that feels right. Plus one. All right. Next one is CNI genie. Any comments or concerns on this one. Shall we go to a vote on whether to accept it. Okay. How about if, if I say votes for CNI genie in the chat. People can put there. You know, we'll know that it's in for CNI genie Michelle saying no issues. I don't see any issues. Cool folks rolling in. Yay. All right. Next one on the list is captain based. Control plane. Any comments or concerns. My notes on this. I thought it looked actually in really good shape. So let's go to a vote. Yeah. It's not like captain. I was about to mention that even SIG up delivery did a review on the project. So which was positive by the way. Next one on the list is Victorian metrics. The one thing that I was worried about here is that it appears to me as though Victoria metrics is the name of the project and the name of the company. So they would need to change the name of one of those things. When does the, when does the trademark donation happen? Is it, does it happen after they become a sandbox project? Yeah. Basically from day one. Yeah, it sounds like a valid issue. Let's give that feedback and move on. Okay. So. We'll go back to Victoria metrics and say you realize you will have to change one of these things. But there's also Michelle raising a concern about contributing guidelines as well. It's pass. I'm just reading that out because of for the benefit of the recording. Yeah. All right. So let's go back to Victoria metrics and kind of double check on the trademark issue. The fact that it is, you know, a year old. So they may have rethought we might want to just check. I think that in other respects, it looked like an interesting, an active project. So if I didn't have concerns about the trademark side of things, I'd be voting for it. Are you happy with that, Amy? I am indeed. You can move on. All right. Okay. The next one is Kudo, which we have had some discussion about before. When was the discussion? Operator framework to join that project. Do you know the program there? Sorry, I couldn't quite hear the beginning of that. Yeah, I heard that they are talking with a pretty framework to join that project. So they want to merge the two projects into one. So I found a link to the there. I don't know what, whether they emerge or not. I believe they're not merging and they decided they wanted to stay as a project in their own right. But I think one of the maintainers from Kudo is now also a maintainer on Operator framework to try and help with the kind of collaboration between the two projects. So a link that was posted. I mean, as far as I can tell, this is an independent healthy, very, very active project. Yeah, I think given what we're saying about Sandbox. I mean, merging while in Sandbox would be a perfectly reasonable outcome. Yeah, Kudo is still figuring out what it wants to specialise in this from Michelle. But they're energised and want to make things better in the Operator world, which I think is as good a reason to admit something into Sandbox as any. Shall we hold a vote on Kudo? Yeah, I think votes good. Votes for Kudo. Oh, I've changed the window. Chaos Smash is the next one on the list. So there's two of these. Chaos projects. This one's Pincap. And the other one is Litmus project. Litmus Chaos, sorry, from Maya Data. Not that there's any reason not to have two competing projects. In Sandbox at the same time. Any thoughts or comments? Oh, Kodo Conduct not found on this one. Good spot, Michelle. All right. So I think do we want to go back to them and say you need a Kodo Conduct or do we want to, and ask them to resubmit next time? Yep, that sounds good. Yeah, I feel like that's the right thing to do. I mean, I feel like we shouldn't worry about saying no to people, I guess, and having them resubmit. Right. Yeah, hopefully we can make this process. Kind of frequent enough that it doesn't. Doesn't seem too much of a blocker. Yeah. Okay. Right. Moving on cloud custodian. I have to express a kind of conflict of interest because my company does something similar to this. So I'm just putting that out in the open. Anyone wants to say anything about this project? I know that the folks there. Capital one, they're definitely interested. And I think unlike many, it's, it's not a, I don't think it's going to go become commercial product necessarily. So I think it's, it's a good one to have. Yeah, I think it's, you know, it's end user driven. And it's also quite active. I like to look at the contributor community and the, the commit frequency. I mean, this one is like way up there. Yeah. Yeah. Yeah. I think despite what I'm saying about conflict, I think it's actually a really good project. All right, should we do a vote for this one? It's for cloud custodian. Okay. Next one is serverless workflow spec. Yeah, no, no code of conduct for this one. I think that because they've come from the working group. Like, I think they've come out of the, the CNCF servers working group. So they probably assume they're under the CNCF. Code of conduct already. The work group should have a C code of conduct at least. Right. And Michelle's saying it doesn't have one already. Okay. So that seems like we should be consistent and say, please come back with a code of conduct. So I think this is kind of in the spirit of things that the CNCF, you know, it's a neutral, neutral ground for collaboration, but they can presumably carry on under the working group regardless. So come back with a CSC. Sounds good to me. Michelle making a signed note that we should make sure all the six have code of conduct as well. Do they not inherit. By default, the CNCF code of conduct. Yeah, we expect them to, we put the code of conduct in our foundation repo. If we technically put it in the, I think the dot GitHub repo would inherit and would inherit across all repos. So that's more of just a little task that we could kind of do. Yeah. To make that easier. But yeah, I mean, they've been working under the serverless working group for a long time. I do think that we should make sure that it's present in every repository. Just yeah. Yeah, I think the Kubernetes repos have some sort of job that checks. The GitHub makes this easy now. We just have a dot GitHub repo and it inherits everywhere. Nice. So. Is there, I'm just wondering if the. Serverless working group. Yeah, I mean, do we already have that dot GitHub file in CNCF? And does that mean the working group is. Subject to that. No, we don't have it. We have the, we have the code of conduct that pointed you to, but I'm going to create it now because it's just going to take me a second. Yeah. Okay. All right. So I guess. We, we move on. Come back to them next time. Yeah. And the next one is debt. Any thoughts or comments about debt? I don't know if any of you are following the. Comments on this spreadsheet. If anyone wants to go and double check into the minutiae of exactly who from VMware has all has not contributed to this at any point in time. There's a note in the spreadsheet saying the code of contact is the core OS code of conduct. I don't think we don't actually require a specific code of conduct. We just require that there is one and it's reasonable, right? Correct. Projects could choose their own code of conduct. Are we going to say as part of being accepted into sandbox that they have to change to the CNCF code of conduct? That's generally what we recommend. I mean, there's many exceptions where like Kubernetes has a slightly different, you know, model where they have a code of conduct committee. The CNCF one's a little bit different where it just goes to the CNCF one. I don't think that's a blocker for. For decks, right? So should we hold a vote? Any other comments about decks? Let's do votes for decks. The next one is litmus chaos. And. The one thing I thought about this was this was from Maya data and the project is quite. Sort of labeled as. As a Maya data project at the moment, so it would need some work to. Look more vendor neutral than it currently does. To comment on that. They have previously did the work for open ABS over time to kind of strip out all the Maya data stuff. So they've done the work in the past. So they're probably capable of doing it again. Any other comments or concerns? Before we move to a vote. Should we wait until that's complete or. No, I don't think we should because it's kind of. Well, partly because we already say we give. Projects a grace period and partly because. Like. If they go to all the work of becoming vendor neutral, and then we say no, that seems rather unfair. Okay. And who's going to follow up to make sure this gets done afterwards. Okay. I think we should move to the staff. We monitor projects. I can't afford them to this. So I wouldn't worry about it. They've been, they knew the pain with open EBS in the past. So I think they would move faster this time around. Cool. Sounds good. I think for these, these projects where we're saying, you know. You need to do the vendor in your child's work. We do need to make that clear as we tell them that they've passed. So Amy, can you make sure that happens. Can do. Right. So, so key cloak is the next one on the list, but they are going for incubation now instead. So unless anybody particularly wants to, I think we just skip over and move to metal cubed. Such a great name. Any questions or comments? No. Okay, the conduct roadmap. I did find myself just having that kind of. Well, don't know if this is, I was I was asking myself why, whether there are any alternative projects to this and and what the motivation for joining CNCF is for this project. I think it's also a very interesting use case of bare metal host provisioning. It has a good point of integrating with the class 3 EPAs. I think I'm not sure how much neutrality it had at this point which you know it's not a requirement for sandbox projects but it was that question of does it have and I'm not be wrong. I think many definitely many projects at sandbox stage lack vendor neutrality for sure. Right it just makes me ask the question of like is that what they're aiming for with with the application? You know maybe that's it maybe you know by joining the CNCF they are going they are looking for that vendor neutrality but I don't they're not particularly on that path as we look at them today. It doesn't have to be a blocker but. Is it the other question? Do they have the same problem where metal cubed is the name of the company? I think it's red hat isn't it? It is. Yeah. Oh it is okay. I'm just curious why given it's based on ironic why they're not going to the OpenStack Foundation as well it's kind of. Because it's related to Kubernetes I mean could go either way. Yeah I guess so. They also have a pluggable model for for providers and although Aronic is is the only one today they have all the hooks for implementing others. Okay so no COC and no roadmap I guess that means automatic no and then revisit this once they reapply. I think that's right. Right moving on to artifact hub with the storied history. So my reservation about this is that if this hadn't come from CNCF but this has come from you know some other source I think we'd be looking at it and saying this seems very early stage even for sandbox. You know the community interest has not been huge at this point. You know I have a question is this still a CNCF funded project? You know there are just a very small number of developers actually working on it. Are they consultants? Yeah there's there's contractors that are working on this and I think Matt Farina is helping out from the helm community as far as I know but I'm not involved day-to-day. I could find out more information. Yeah I mean right now it has four contributors and 104 stars. One of the contributors three commits by Matt and one's Dan Kern so it's basically the two people who've been paid to work on it which is not very strong community showing. Yeah I mean it's a little bit difficult because if you look at CNI Genie it's basically one or two people and we had no issue with that one apparently. Yeah I don't think we're saying contributors or number of contributors is a blocker for sandbox anymore right? Yeah but we I think we have to believe that it's a project that has some community interest don't we? I mean is it a real fit for? I think that's really hard to gauge because it's it's a trade-off right it's you know you could have a project that is not popular but part of the reason they want to get into sandbox is because they want to build a community around it. In that point as well the artifact hub has been around for just a couple of months. The initiative was presented in January and I think there was kind of some traction in March so it's still not enough I think to get enough like enough community around it yet but I still think it's a good idea overall as a project. It's also meant to host artifacts of different cloud native projects so the contributions can be divided into two parts like one contribution code contributions other people contributing the artifacts to be hosted there. I think it's a good initiative too. And yeah I'm agreeing with Michelle here as well. I've been at the meeting when artifact hub was introduced to the end user community and it was I would say tilting link plug tour is a positive end but yeah I think it requires a bit more time to actually see that. So I think this is difficult because we might have a bit of a chicken and egg situation you know it is artifact hub not getting community interest because it's not really clear who's driving it. It has a strange heritage because of its you know the way that it came about but I'm just I struggle to see that if that project had come from another source that we wouldn't be saying well you need to prove a bit more just a bit more community interest before we know that it's really on the right path. Yeah I'm wary of the community interest as a bar for our new sandbox just because I feel like we want to use the sandbox as a way to encourage adoption so it's definitely a chicken and egg problem. Okay do you do people want to move to a vote on it? To be honest I don't mind skipping it but at the same time Chris puts a very good point like do we need to give a consistent quarter of releases not quarter just a consistent nine of releases because C&I Genie for example is not does it mean we will revise that project as well? Because I think we should kind of have more interest and to be fair we've sat on C&I Genie for how long a year a year. Now C&I Genie might go actually yeah it's too late you've missed the vote. I'm just more concerned from you know if a project hasn't released in a year what does that mean is it stable not really maintained anymore just something to consider as you review project proposals. And regardless of what we do I think we should aim for consistency for sandbox at least let's make it kind of as much binary based on a bunch of checklists as possible and so whatever the criteria is that we hold let's make it clear and let's apply that to everyone. Yeah so if we just go back to what we're saying is is it a fit that is yeah is it essentially a cloud native project is the roadmap in line with the goals? Does it appear to be on a good path to becoming well governed and vendor neutral? So I think one way of interpreting this whole vendor neutrality issue is you know does it I mean at the moment it's funded by a vendor neutral organisation the CNCF. Does it look like it's on a path to kind of community adoption? Seems a bit soon to say that to me that's my worry anyway. Yeah I mean the project was supposed to have a natural community of the people distributing artifacts that and the existing artifact projects and I'm I kind of had assumed that they would get involved when this thing came out and I'm just a bit concerned that that they haven't been at all because these were the you know these were the people it was meant for. So yeah if they spend some time targeting getting people involved for you know rather than running more go that would for the next few months and we can revisit it that would be that would make sense to me. I think I feel similarly okay so shall we move to a vote on it or I mean do people feel motivated to vote on that one? I think so because from my perspective you know what I listened to about this project is does Chris specifically seems like CNCF is pretty committed to you know to funding it and that for me that's no different from a startup funding a project and you know any any any other projects that the folks behind it could be pulled as well and and and you know as sandbox I think that alone probably qualifies but but you know I certainly would I actually kind of believe we should you know it's just like just like we shouldn't treat CNCF in a in us in a in a special way but but we shouldn't reverse discriminate either so if if you know if our own organization wants to fund the project I just don't feel like they should be held at a higher standard. So there's a couple of interesting comments in the chat Chris mentioned that you know project sandbox goes around with reviews so we always have a chance to say no after a year if it isn't going anywhere as a failsafe. Michelle saying the question I'd go back to the project with all the feedback I give is how do you plan on getting the community involved because I don't want this to be an effort only sustained by contractors and then but what if people aren't involved because it's not a sandbox project but then again if somebody you know if random Joe blocks comes to us and says I'd like my I've been paying two contractors for some number of months to build a project and it looks like this and would we would we think this is a good basis for the project? I mean I think so I looked at I looked at the Git repo they're even running a little service you know it's a discovery service it took me a while initially I was a little confused but I think once Matt explained it to me it seems to make sense and there's no guarantee it's going to be successful but you know it's certainly something worth doing. Shane convinced me with the reverse discrimination point it would be a fine thing if it would be fine if a company used some contractors to build a thing out and then contributed that is true and I guess we know that it is intended to be a you know right from the get go it was intended to be a CNCF initiative as in a neutral initiative. Does anyone else have any points they want to make before we move to a vote? All right let's let's move to a vote. I can't type half there we go where were we that was artifact hub the next one is Cuma. Anyone have any questions or concerns about Cuma? I'd be curious about Matt's opinion too because it's a it's I talked to Kong about it actually but since it's an envoy you know yeah where's our resident service mesh expert? From a sandbox perspective I'm for sure supportive like I don't I don't really see the harm you know they appear to be attempting it in a non-Kong specific way and they've made good effort on their website and their documentation you know to not really reference Kong so you know I would not be supportive of any stage beyond sandbox but you know especially with the lack of a envoy based server smash in the foundation currently it seems fine to me sorry I think Michelle's asking until they have a freemium model I mean the the whole thing is free as far as I know I don't actually know of any any enterprise product that they're doing currently if anything they would be doing support so I don't I don't think there's any open core type model here I think it's all there. I did have on my notes you know if we accept them to make sure that they understand the requirements for neutrality I think as things stand there is some Kong branding is there okay if there is yeah we should definitely have them remove that for sure I've had enough conversations with I think Marco over there that I think they get it so yeah Marco is Mark he's he's definitely motivated for sure I would consider a part of onboarding the sandbox to kind of get them to strip any things that we that we find so I wouldn't consider that a blocker we've had other projects do the same right should we move to a vote? five minutes but we might be able to extend a little bit let's see next one is Pasek um just to say that I I am a I was a founder of this project and I they have added a code of conduct so I probably won't um oh yeah I've got a conflict of interest on this one but it's it's it's I'm not really very much involved now apart from talking to them because it's mainly I'm working on it now but um I thought this looked look really cool I was it's actually really close to hardware I was I guess that was my one question is is CNCF? I mean they they are working closely with Spiffy um and they are basically they want a neutral ground to work in because Microsoft wanted that before they contribute um and it was originally I mean we I was involved because originally because we were using it potentially for container based use cases and I think that's still a use case that they're very interested in as well so I think it's um generally I mean yeah that there potentially are other places in the left they could go but they they are supportive of CNCF and interested in being in CNCF I think it's a I think it's a really cool project I I talked to them about it it's a it's a very ambitious project but you know but I think technically it's really sound it's just a lot of you know like key management kind of capabilities obviously we know that the the the really the most secure form is through hardware but there's just no standards for it everyone does it a little differently and they're they're kind of I mean at a grand scale they're trying to uh create some kind of a common interface for that so it's quite noble uh you know you know you know if ARM takes the lead I think it's a really good thing for the for the industry there's a nice load of you know different organizations involved I thought it was you know really good candidate for we want to be in a foundation because of neutrality so all right should we take this one to a vote the next one on the list is k3s in the next three minutes yeah awesome yeah maybe I'm thinking maybe we should I actually need to need definitely need to be on for this discussion but I I definitely I actually need is a hard stop and they're like three maybe I do too I have a hard stop at nine sorry right let's skip k3s because it will take discussion and do you think we can get through bfe in the three minutes remaining it's another mesh related one so why not yeah so we'll just have to apologize to k3s that we didn't have enough time bfe looks pretty similar to things like ambassador am I right with that any reservations or concerns it it powers by dude so it's definitely runs at scale huh all right let's do your votes for bfe do we want to try and do squeezing cross two minutes do it one minute I see two minutes okay any thoughts or comments about cross playing I'm pretty typing votes for cross playing just so we can be ready to go I mean I I'm I think it's a pretty interesting project it is a little bit tied into upbound in their company but I think that not any more than a lot of other projects so yeah I like I like it I think it's a really interesting use case for Kubernetes it's not really at least the company name is not cross cross playing so I think it's fine yeah I think they're gonna have to work on governance I would be my guess going forward or at least participation but that's not a blocker for senders right so the usual advice to make sure they get you know properly neutral and we'll keep an eye on them from governance point of view let's go to the votes all right up yeah I'm gonna say no bye bye well thanks everyone yep bye okay we did super well awesome