Onboarding RapiDAST
by Jeremy Choi
Hi all
RapiDAST is made public now at
https://github.com/RedHatProductSecurity/rapidast.
RapiDAST is currently providing a framework for automated dynamic scanning
against web API. The goal here in terms of OperateFirst is:
RapiDAST to be running as a service for the community hosted on operate
first clusters. Any service running on operate first and any other
community service can use RapiDAST to check for security risks in their API.
For onboarding, implementation of an operator and work to get it onboard is
yet to be done. Any guidance or references on processes, requirements or
implementation will be much appreciated.
Thanks
--
Jeremy Choi / Red Hat Product Security
2 years, 8 months
Charter for SIG-Community
by Karsten Wade
Hi all:
Thank you to everyone who was able to drop by the Slack channel on
Wednesday. The threads there are still ongoing,
From those discussions and my experience I put together a quite-drafty
document, a sort of strawpond for you to throw various pebbles at—ideas,
corrections, additions, questions, etc.
https://github.com/operate-first/community/pull/124/
Please use the "Files changed" tab to add comments via the "+" next to a
sentence and its line number. When in the comment, you can use the vertical
"+-" button to make a suggested edit or change. This is a useful feature,
making it easier to commit your suggestions to the PR.
I am pasting the contents below so we can discuss in this email thread as
well:
# SIG Community
## Scope
This SIG cares about all aspects of what is helpful and harmful to this
open source software community.
We understand that this project is a human endeavor, and it is our job to
put people before practice, process, and even principle.
**What does it mean to support a community?**
It means understanding and putting resources into whatever is important to
people in this community.
We put our own time and energy into this support, and we help coordinate
and direct project resources.
**What is an open source project compared to a community?**
A _project_ is a general term referring to an effort by people to
accomplish something that requires time and multiple steps. Pruning a rose
bush is a task, where a multi-year effort to plant a new rose garden is a
project.
An open source software community is a type of _community of practice_, and
the software project is the place where the community practices.
You can have a community without a project, which is really a social club.
But you cannot have an open source project without a community.
However, not all open source software is maintained by a project.
It may rather be maintained by an individual, or a single organization by
fiat.
### In scope
* Creating and maintaining an open source governance for the project
- In particular establishing democratically elected overarching
leadership or focus committees (Steering, Security, et al)
* Establishing further SIGs to take over specific purviews from SIG
Community
* Being widely inclusive and holding a vision for diversity and equity in
the project
* Supporting diversity, equity, and inclusion with actions and resources
* Maintaining project Code of Conduct and related reporting and response
processes
* Care about and improve the user and contributor experience
* Create and maintain user personas for the project
* Establish a project-wide documentation approach
* Establish project-wide communication norms
* User and contributor onboarding, i.e., the process for bringing new
people into the project
* Creating and maintaining project role definitions and
responsibility/authority matrix
* Keeping track of project and community health, including the use of
metrics
* Work with SIG Operations to scope and define the infrastructure of
participation for contributors
* Ownership and financing (domain names, other project assets)
* Ensure project-wide transparency
* Set project technical direction and maintain a development roadmap
### Out of scope
* Directing project infrastructure
* Handling embargoed security discussions and responses
* Being the body that leads the project beyond the ratification of
Governance 1.1, which will establish one or more leadership committees.
## Stakeholders
* Contributors, and by extension contributors' organizations
* OpenInfra Foundation, via OpenInfra Labs relationship
* MOC?
* Open Source Developers (user persona)
### Subproject Creation
Creation of subprojects happens through SIG consensus, coordinated by SIG
Chairs.
All subprojects and their memberships are tracked in
[sigs.yaml](../sigs.yaml).
--
Karsten Wade [he/him/his] | Senior Community Architect | @quaid
Red Hat Open Source Program Office (OSPO) : @redhatopen
The Open Source Way : https://theopensourceway.org
Operate First : https://operate-first.cloud
2 years, 9 months
Re: Getting it started-up: Community SIG
by Karsten Wade
On Tue, Jan 18, 2022 at 11:24 AM Daitzman, Michael S <msd(a)bu.edu> wrote:
> It is too easy to miss email and I am, regrettably, very calendar driven.
>
>
>
> What do others think? Is there some way to automate this?
>
>
>
I'm with you 100% but didn't think ahead on this one.
While I'm sure we can maintain our own calendar with an .ical output, I
registered operate.first.community(a)gmail.com last year because I've been
down the road before of how you need a non-work Google account for
effective open collaboration.
So I have recreated the meeting invite but coming from
operate.first.community(a)gmail.com, and that can get us going.
https://calendar.google.com/event?action=TEMPLATE&tmeid=NTRzM3YxZjkyazNnZ...
From here we'll need something that scales better for various SIGs, but
this will work for the moment. Everyone who was invited to the former one
now has an invite to this meeting. Anyone else can use the above link to
put the event on their own calendar.
Does this help for now? I do think this is a worthy thing to address across
the project, and I bet we don't need to reinvent that wheel.
- Karsten
2 years, 9 months
Getting it started-up: Community SIG
by Karsten Wade
Hi all:
So we get to instantiate a new special interest group focused on all of the
aspects of using, participating in, and contributing to an open source
project: the Community SIG or `sig-community`.[1]
I propose we have an instantiating meeting this week and decide on some
clear proposals to take back to this list, including figuring out a plan
for when the Community SIG meets and how.
But this meeting-to-decide-when-to-have-a-meeting should be as accessible
as possible.
Instead of real time voice or video, how about a semi-live discussion over
a block hours in Slack?
I propose we meet in Slack on Wednesday 19 January in the now-renamed
#sig-community channel. We can have a real-time and asynchronous
discussion, recorded in the channel with the logs archived and sent to this
list.
19 January 2022
13:30 UTC - 19:30 UTC
(05:30 - 11:30 PST)
https://join.slack.com/t/operatefirst/shared_invite/zt-o2gn4wn8-O39g7sthT...
https://operatefirst.slack.com/
Who is planning to come? I can add you to a calendar invite.
Can I get some facilitating help? I don't plan to be there for maybe the
first hour, but I will be there ahead of time seeding the agenda. If one or
two of you are there at the opening, welcome people with The Spiel*, and
lurk or guide. You can do this alongside other work, etc.
Looking forward to seeing you all then!
- Karsten
* The Spiel is the kind and useful welcoming message you'll give a few
times, and it should include relevant links for the meeting.
[1] The new governance instantiates only two SIGs, Community and
Operations. The Operations SIG scope is all the things running the
prototype Operate First community cloud environment. Therefore, anything
not in that is in the purview of the Community SIG: user and contributor
experience, training, marketing, social media, organizing and building the
community, etc.
2 years, 9 months
Governance 1.0 ratified
by Karsten Wade
Hi all:
Congratulations! We have a bouncing, brand new governance:
https://github.com/operate-first/community/blob/main/governance.md
Now let's go formalize some SIGs, subprojects, and working groups.
Who wants to help kickoff the Community SIG with me? I'll start a separate
thread about that, and encourage folks interested in the Ops SIG to do the
same.
Formally, we have reached consensus for the initial project governance for
this community, aka Governance 1.0. The new governance calls for a minimum
of 72 hours for people to respond for consensus votes, longer for
consequential decisions.
In the case of this governance, the initial PR was opened on 08 December
2021. Fourteen people have directly reviewed and left comments, all of
which were responded to, and any changes are merged into the pull request.
All conversations are available in the pull request and to be reviewed by
the Community SIG or designee e.g. a "Governance 1.1 Working Group" for the
process of drafting the next iteration of the governance.
Out of all of the reviews so far, there have been no blocking votes (-1)
and no indication of any kind of serious concerns with this document.
Therefore, we achieved consensus and maintained it essentially for five
weeks. Well within the guidelines of the governance.
We're working on some planned changes to the menus on the website, and will
incorporate this governance into the menu structure asap. If you are
interested in helping with that, grab me in Slack or email me, as I reckon
to take a pass at the first few changes.
Kind regards,
- Karsten
--
Karsten Wade [he/him/his] | Senior Community Architect | @quaid
Red Hat Open Source Program Office (OSPO) : @redhatopen
The Open Source Way : https://theopensourceway.org
Operate First : https://operate-first.cloud
2 years, 9 months
Fwd: The Call for Presentations for the OpenInfra Summit Berlin is Open!
by Marcel Hild
Since our community is connected with OpenInfra Foundation via
https://openinfralabs.org/ !
Let's submit talks and workshops for Berlin.
For all accepted, I can show you around in the city then :)
---------- Forwarded message ---------
From: Open Infrastructure Foundation <community(a)openinfra.dev>
Date: Wed, Jan 12, 2022 at 7:01 PM
Subject: The Call for Presentations for the OpenInfra Summit Berlin is Open!
To: <mhild(a)redhat.com>
Join the global community in person at the Berlin Summit 2022
[image: Join the global community in person at the Berlin Summit 2022]
<https://t.e2ma.net/click/mrlvsd/y8qkdun/uhjhnr>
Be a part of the Berlin Summit in 2022!
<https://t.e2ma.net/click/mrlvsd/y8qkdun/aakhnr>
SUBMIT YOUR PROPOSALS
*The Berlin Summit CFP is Open!*
The Call for Presentations (CFP)
<https://t.e2ma.net/click/mrlvsd/y8qkdun/q2khnr> for the upcoming OpenInfra
Summit in Berlin (June 7-9th) is NOW LIVE!
The CFP for this year’s OpenInfra Summit
<https://t.e2ma.net/click/mrlvsd/y8qkdun/6ulhnr> includes presentations,
panels, and hands-on workshops covering over 30 open source projects.
Expect to hear about the intersection of many open source infrastructure
projects, including Ceph, Kubernetes, Magma, ONAP, OPNFV and the projects
hosted by the OpenInfra Foundation: Airship, Kata Containers, OpenInfra
Labs, OpenStack, StarlingX, and Zuul
2022 Summit Tracks for submissions include:
- 5G/NFV/Edge
- AI/Machine Learning/HPC
- CI/CD
- Container Infrastructure
- Getting Started
- *NEW: *Hardware Enablement
- Hands-On Workshops
- Open Development
- Private/Hybrid Cloud
- Public Cloud
- Security.
You can find the full track descriptions here
<https://t.e2ma.net/click/mrlvsd/y8qkdun/mnmhnr>. Please note that Forum
topics will be chosen at a later date and are not part of the CFP
submission process.
SUMBIT YOUR TALK NOW! <https://t.e2ma.net/click/mrlvsd/y8qkdun/2fnhnr>
The deadline for CFP is February 9th!
*Join The Programming Committee!*
Want to help us select the talks being featured at the Summit? Submit your
name for the Programing Committee
<https://t.e2ma.net/click/mrlvsd/y8qkdun/i8nhnr>!
There is *one week left* to nominate yourself or a colleague for any of the
tracks listed above for the 2022 Programming Committee. The Deadline is
January 19th.
JOIN THE PROGRAMMING COMMITTEE
<https://t.e2ma.net/click/mrlvsd/y8qkdun/y0ohnr>
*Register Now to Get Early Bird Pricing!*
Have you gotten your ticket yet? Make sure you register before the early
bird pricing ends <https://t.e2ma.net/click/mrlvsd/y8qkdun/etphnr>!
The OpenInfra Summit will be a limited capacity, sellout event. A limited
quantity of early bird pricing tickets are available, so save your seat
before they run out!
REGISTER NOW <https://t.e2ma.net/click/mrlvsd/y8qkdun/ulqhnr>
*Become a Sponsor!*
Does your organization want to be represented at the Summit? The OpenInfra
Summit Berlin sponsorship prospectus and contract
<https://t.e2ma.net/click/mrlvsd/y8qkdun/aerhnr> are live!
Becoming a sponsor is as easy as 1, 2, 3!
1. Review the Prospectus <https://t.e2ma.net/click/mrlvsd/y8qkdun/q6rhnr>
2. Sign the Master Sponsorship Agreement
<https://t.e2ma.net/click/mrlvsd/y8qkdun/6yshnr> (New Sponsors Only)
3. Sign the Berlin Sponsor Contract
<https://t.e2ma.net/click/mrlvsd/y8qkdun/mrthnr>
BECOME A SPONSOR <https://t.e2ma.net/click/mrlvsd/y8qkdun/2juhnr>
*Want to hear more from the community? *
The Open Infrastructure Community Monthly Newsletter shares the latest
developments and activities across open infrastructure projects, events,
and users supported by the OpenInfra Foundation.
Sign Up Now
<https://app.e2ma.net/app2/audience/signup/1886083/1771360/212626272/29513...>
Love what the OpenInfra community is doing?
Join to support our mission!
<https://t.e2ma.net/click/mrlvsd/y8qkdun/icvhnr>
[image: Twitter] <https://t.e2ma.net/click/mrlvsd/y8qkdun/y4vhnr> [image:
Facebook] <https://t.e2ma.net/click/mrlvsd/y8qkdun/exwhnr> [image: LinkedIn]
<https://t.e2ma.net/click/mrlvsd/y8qkdun/upxhnr> [image: YouTube]
<https://t.e2ma.net/click/mrlvsd/y8qkdun/aiyhnr>
SUMMIT <https://t.e2ma.net/click/mrlvsd/y8qkdun/qazhnr>
CFP <https://t.e2ma.net/click/mrlvsd/y8qkdun/62zhnr>
SPONSOR <https://t.e2ma.net/click/mrlvsd/y8qkdun/mv0hnr>
REGISTRATION <https://t.e2ma.net/click/mrlvsd/y8qkdun/2n1hnr>
*Share this email:*
[image: Email] <https://t.e2ma.net/share/outbound/e/mrlvsd/y8qkdun> [image:
Twitter] <https://t.e2ma.net/share/outbound/t/mrlvsd/y8qkdun> [image:
Facebook] <https://t.e2ma.net/share/outbound/f/mrlvsd/y8qkdun> [image:
LinkedIn] <https://t.e2ma.net/share/outbound/l/mrlvsd/y8qkdun>
*Manage*
<https://app.e2ma.net/app2/audience/signup/1886083/1771360/212626272/29513...>
your preferences | *Opt out*
<https://t.e2ma.net/optout/mrlvsd/y8qkdun?s=9RLqEKkLNJe13_QKzfn4Ts5nUhVjjL...>
using *TrueRemove*™
Got this as a forward? *Sign up*
<https://app.e2ma.net/app2/audience/signup/1886083/1771360.212626272/> to
receive our future emails.
View this email *online* <https://t.e2ma.net/message/mrlvsd/y8qkdun>.
PO Box 1903
Austin , TX | 78767 United States <#m_477486096651375222_>
This email was sent to mhild(a)redhat.com.
*To continue receiving our emails, add us to your address book.*
<http://mhild@redhat.com>
2 years, 9 months