Open
Labels
lifecycle/frozen: Indicates that an issue or PR should not be auto-closed due to staleness.
Description
Objective
- Collect user data to validate assumptions and inform decision-making
- Find out who is using our tools
Related user stories
- As a downstream consumer of K8s releases, I would like to be able to check the integrity of binaries, container images, documents, and other files that form a K8s release, so that I can trust that the release is secure.
- As a downstream consumer of K8s releases, I would like my releases to comply with SLSA 3, so that I can be maximally confident that my release hasn’t been tampered with. (See also KEP #3027)
- Hyperscalers, products on top of K8s. The notion of trust doesn't apply to them? They don't need K8s to be SLSA 3-compliant. They pull the source code to build something themselves. People trusting us build custom installers (KubeSpray, for example), end users building K8s envs because they don't have a choice, sovereign cloud.
- How people use the images
- What they expect to have in the images
Tasks
- Ask CNCF users tag for ideas on data collection/surveys
- Seek data on who is using our tools
- Develop mechanism to collect regular feedback
- Ask Cluster Lifecycle for their data
- Involve SIG Contribex Comms/K8s mailing list
- Maybe Brandon Mitchell should be involved. He led the OCI initiatives, including standard, security, artifacts: https://github.com/sudo-bmitch
Status
In Progress

