private-distributors-list: add DaoCloud
pacoxu opened this issue · comments
Actively monitored security email alias for our project: kubernetes-security@daocloud.io
1. Be an actively maintained and CNCF-certified distribution of Kubernetes components.
DaoCloud is in the list of https://www.cncf.io/certification/software-conformance/
- and we also maintain an open-source project kubean (which is a kubespray operator). It is listed in the Certified Kubernetes - Installer part of the page above.
2. Have a user base not limited to your own organization.
Yes
3. Have a publicly verifiable track record up to the present day of fixing security issues.
- We tried to extend the kubernetes long-term support at https://github.com/klts-io/kubernetes-lts. And we will try to help in WG-LTS after the workgroup is revived.
- We have submitted several CVEs to HackerOne. One of them is https://hackerone.com/reports/867699 by Kebe from DaoCloud.
4. Not be a downstream or rebuild of another distribution.
No.
5. Be a participant and active contributor in the community.
https://k8s.devstats.cncf.io/d/9/companies-table?orgId=1
DaoCloud ranks top 10 in kubernetes community contributions in history, and top 5 if only counting recent 3 years.
Some of the active contributors from DaoCloud in the community:
- @pacoxu member of Kubernetes Steering Committee; kubeadm maintainer; sig-node reviewer; release signal team lead;
- @wzshiming kwok(sig-scheduling & sig autoscaling sponsored subproject) maintainer; sig node reviewer.
- @kerthcet sig scheduling approver and kueue approver, also working wg-serving & LWS & kube-scheduler-wasm-extension.
- @mengjiao-liu wg-structured-logging chair, sig instrumentation reviewer, sig-doc zh approver & en reviewer
- @windsonsea @my-git9 sig doc zh approver; @Zhuzhenghao @kinzhi are SIG-DOC-ZH reviewers
- @yankay kubespray(subproject) maintainer; we also have @cyclinder @ErikJiang two kubespray reviewers
- @carlory is now SIG Storage and CSI Reviewer.
Besides code contributions, we also organized several KCD and KCS in China including KCS China 2023, KCD Beijing 2021&2023, KCD Shanghai 2021&2024, KCD Chengdu 2022 and KCD Shenzhen 2023.
- @Iceber who is CNCF ambassador and containerd/clusterpedia/wasmcloud maintainer, lead the organization of recent several KCDs.
Most of the SIG maintainer talks in KubeCon China 2023 are by DaoClouder, including SIG-Scheduling, SIG-Node, SIG-Instrumentation, Kubespray, KWOK sessions.
BTW, we also try to maintain kube LTS versions in https://github.com/klts-io/kubernetes-lts for an extended period, and it is open-source and only focuses on high value CVEs currently.
6. Accept the Embargo Policy.
Yes.
7. Be willing to contribute back.
yes
8. Have someone already on the list vouch for the person requesting membership on behalf of your distribution.
VMware and Microsoft below.
- kubernetes/k8s.io#5361: add kubernetes-security@daocloud.io to https://github.com/kubernetes/k8s.io/blob/main/groups/committee-security-response/groups.yaml
More information can be found in https://github.com/DaoCloud, https://www.daocloud.io/en/ and https://docs.daocloud.io/en/.
+1
@ritazh (Microsoft)
ack
@kubernetes/security-response-committee any update?
@kubernetes/security-response-committee any update?
I haven't forgotten, just haven't had time to update distributor requirements.
Updated some new approvers/reviewers in Kubernetes Community from DaoCloud.
@kubernetes/security-response-committee ACK
The Kubernetes project currently lacks enough contributors to adequately respond to all issues.
This bot triages un-triaged issues according to the following rules:
- After 90d of inactivity, lifecycle/stale is applied
- After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
- After 30d of inactivity since lifecycle/rotten was applied, the issue is closed
You can:
- Mark this issue as fresh with /remove-lifecycle stale
- Close this issue with /close
- Offer to help out with Issue Triage
Please send feedback to sig-contributor-experience at kubernetes/community.
/lifecycle stale
/remove-lifecycle stale
still valid in progress