|
Hi all,
As some of you may know we're keen to expand the international side of OpenSSF, and have a few team members in the APAC region focused on bridging what are language, national firewall, and time zone differences that make it a challenge for everyone to participate equally. One thing we found to be successful when I worked on Hyperledger was to have a regionally-focused working group - or using the terminology I think the TAC wants to move to, a Special Interest Group - specifically to engage with developers from a region where those barriers might be highest, with China often at the top of that list. By having such a SIG led by a few individuals who are bilingual and able to serve as a bridge back to the "upstream" project, we can help participants in that SIG and region not only be more productive but also encourage their contributions back.
In thinking about this for OpenSSF, I felt like it'd be better to have such a SIG focused on a particular OpenSSF work group first rather than the whole of OpenSSF, and the one that seemed most logical would be this Best Practices WG, since those are likely the OpenSSF works easiest to pick up and then contribute back to, and some things we could localize immediately like the training and guides. That seemed to resonate with a few people in the region we talked to as well.
If this seems like a good idea to you all, we have an opportunity to launch this SIG at an event next week (5/26) in China with some fanfare. The next Best Practices WG Zoom call is 10am ET on 5/24, so I wanted to open the discussion up now and see if we can address any/all concerns leading up to that call in the hopes it might be approved by then. We are still working to determine who would be most appropriate as leaders of that SIG, but am confident we'll have 2 or 3 of them by the 26th.
I'm cc'ing Julian Gordon whose team based in Hong Kong is leading outreach and community development there.
Thoughts?
Brian
--
Brian Behlendorf
General Manager, Open Source Security Foundation
bbehlendorf@...
Twitter: @brianbehlendorf
|
|
|
Having the same background as Brian wrt Hyperledger I think it’s a good idea.
Arnaud Le Hors - Senior Technical Staff Member - Open Technologies: Blockchain, Edge Computing, Web, Security - IBM
From:
openssf-wg-best-practices@... <openssf-wg-best-practices@...> on behalf of Brian Behlendorf <bbehlendorf@...>
Date: Wednesday, May 18, 2022 at 7:04 PM
To: CRob Robinson <christopher.robinson@...>, Xavier René-Corail <xcorail@...>, openssf-wg-best-practices@... <openssf-wg-best-practices@...>
Cc: Julian Gordon <jgordon@...>
Subject: [EXTERNAL] [openssf-wg-best-practices] A China-focused SIG under Best Practices WG?
Hi all,
As some of you may know we're keen to expand the international side of
OpenSSF, and have a few team members in the APAC region focused on
bridging what are language, national firewall, and time zone differences
that make it a challenge for everyone to participate equally. One thing
we found to be successful when I worked on Hyperledger was to have a
regionally-focused working group - or using the terminology I think the
TAC wants to move to, a Special Interest Group - specifically to engage
with developers from a region where those barriers might be highest,
with China often at the top of that list. By having such a SIG led by a
few individuals who are bilingual and able to serve as a bridge back to
the "upstream" project, we can help participants in that SIG and region
not only be more productive but also encourage their contributions back.
In thinking about this for OpenSSF, I felt like it'd be better to have
such a SIG focused on a particular OpenSSF work group first rather than
the whole of OpenSSF, and the one that seemed most logical would be this
Best Practices WG, since those are likely the OpenSSF works easiest to
pick up and then contribute back to, and some things we could localize
immediately like the training and guides. That seemed to resonate with a
few people in the region we talked to as well.
If this seems like a good idea to you all, we have an opportunity to
launch this SIG at an event next week (5/26) in China with some fanfare.
The next Best Practices WG Zoom call is 10am ET on 5/24, so I wanted to
open the discussion up now and see if we can address any/all concerns
leading up to that call in the hopes it might be approved by then. We
are still working to determine who would be most appropriate as leaders
of that SIG, but am confident we'll have 2 or 3 of them by the 26th.
I'm cc'ing Julian Gordon whose team based in Hong Kong is leading
outreach and community development there.
Thoughts?
Brian
--
Brian Behlendorf
General Manager, Open Source Security Foundation
bbehlendorf@...
Twitter: @brianbehlendorf
|
|
|
CRob Robinson (Intel)
Not denying the possible merits of the idea, but I have some questions about how this might function operationally/procedurally:
What would the expectations/obligations be for the working group if we pursue this farther? Would you envision this new SIG creates their own materials or "backports" artifacts from the working group? What would be need to report back
to the TAC? Do we think there are unique issues regional developers encounter that other localities would not, or is this purely creating a time-zone-friendly venue to collect feedback and nurture collaboration? Would this be specific to China alone, or
anyone in the APAC greater region?
Cheers,
CRob
Director of Security Communications
Intel Product Assurance and Security
toggle quoted message
Show quoted text
From: Xavier René-Corail <xcorail@...>
Sent: Wednesday, May 18, 2022 1:33 PM
To: Brian Behlendorf <bbehlendorf@...>
Cc: Robinson, Christopher <christopher.robinson@...>; openssf-wg-best-practices@...; Julian Gordon <jgordon@...>
Subject: Re: A China-focused SIG under Best Practices WG?
Hey Brian
I think this is a great idea.
> see if we can address any/all concerns
I tried to anticipate concerns people could raise, but I couldn't see any major concerns, nothing we could solve. The only thing that came to mind was "What's the autonomy of the SIG, can they self-assign projects, how do they get approval
from the working group?"
Hi all,
As some of you may know we're keen to expand the international side of
OpenSSF, and have a few team members in the APAC region focused on
bridging what are language, national firewall, and time zone differences
that make it a challenge for everyone to participate equally. One thing
we found to be successful when I worked on Hyperledger was to have a
regionally-focused working group - or using the terminology I think the
TAC wants to move to, a Special Interest Group - specifically to engage
with developers from a region where those barriers might be highest,
with China often at the top of that list. By having such a SIG led by a
few individuals who are bilingual and able to serve as a bridge back to
the "upstream" project, we can help participants in that SIG and region
not only be more productive but also encourage their contributions back.
In thinking about this for OpenSSF, I felt like it'd be better to have
such a SIG focused on a particular OpenSSF work group first rather than
the whole of OpenSSF, and the one that seemed most logical would be this
Best Practices WG, since those are likely the OpenSSF works easiest to
pick up and then contribute back to, and some things we could localize
immediately like the training and guides. That seemed to resonate with a
few people in the region we talked to as well.
If this seems like a good idea to you all, we have an opportunity to
launch this SIG at an event next week (5/26) in China with some fanfare.
The next Best Practices WG Zoom call is 10am ET on 5/24, so I wanted to
open the discussion up now and see if we can address any/all concerns
leading up to that call in the hopes it might be approved by then. We
are still working to determine who would be most appropriate as leaders
of that SIG, but am confident we'll have 2 or 3 of them by the 26th.
I'm cc'ing Julian Gordon whose team based in Hong Kong is leading
outreach and community development there.
Thoughts?
Brian
--
Brian Behlendorf
General Manager, Open Source Security Foundation
bbehlendorf@...
Twitter: @brianbehlendorf
|
|
|
I would expect the SIG leads to be on Best Practices WG calls and reporting in on what they're working on and what they need. It seems best if they could self-determine the things they'd like to work on and in what order, but obviously the WG here might have pointers/advice. And as with all efforts under a WG the WG could cancel or reboot with new leads if unhappy with the work. I'd also guess that the TAC should be informed during a regular report-up from this WG to the TAC but their approval wouldn't strictly be required.
The proposal is a China-spexific SIG given their unique challenges but obviously participation would not be restricted based on IP address or anything.
Brian
toggle quoted message
Show quoted text
On May 18, 2022 11:03:22 AM PDT, "Robinson, Christopher" <christopher.robinson@...> wrote:
Not denying the possible merits of the idea, but I have some questions about how this might function operationally/procedurally:
What would the expectations/obligations be for the working group if we pursue this farther? Would you envision this new SIG creates their own materials or "backports" artifacts from the working group? What would be need to report back
to the TAC? Do we think there are unique issues regional developers encounter that other localities would not, or is this purely creating a time-zone-friendly venue to collect feedback and nurture collaboration? Would this be specific to China alone, or
anyone in the APAC greater region?
Cheers,
CRob
Director of Security Communications
Intel Product Assurance and Security
From: Xavier René-Corail <xcorail@...>
Sent: Wednesday, May 18, 2022 1:33 PM
To: Brian Behlendorf <bbehlendorf@...>
Cc: Robinson, Christopher <christopher.robinson@...>; openssf-wg-best-practices@...; Julian Gordon <jgordon@...>
Subject: Re: A China-focused SIG under Best Practices WG?
Hey Brian
I think this is a great idea.
> see if we can address any/all concerns
I tried to anticipate concerns people could raise, but I couldn't see any major concerns, nothing we could solve. The only thing that came to mind was "What's the autonomy of the SIG, can they self-assign projects, how do they get approval
from the working group?"
Hi all,
As some of you may know we're keen to expand the international side of
OpenSSF, and have a few team members in the APAC region focused on
bridging what are language, national firewall, and time zone differences
that make it a challenge for everyone to participate equally. One thing
we found to be successful when I worked on Hyperledger was to have a
regionally-focused working group - or using the terminology I think the
TAC wants to move to, a Special Interest Group - specifically to engage
with developers from a region where those barriers might be highest,
with China often at the top of that list. By having such a SIG led by a
few individuals who are bilingual and able to serve as a bridge back to
the "upstream" project, we can help participants in that SIG and region
not only be more productive but also encourage their contributions back.
In thinking about this for OpenSSF, I felt like it'd be better to have
such a SIG focused on a particular OpenSSF work group first rather than
the whole of OpenSSF, and the one that seemed most logical would be this
Best Practices WG, since those are likely the OpenSSF works easiest to
pick up and then contribute back to, and some things we could localize
immediately like the training and guides. That seemed to resonate with a
few people in the region we talked to as well.
If this seems like a good idea to you all, we have an opportunity to
launch this SIG at an event next week (5/26) in China with some fanfare.
The next Best Practices WG Zoom call is 10am ET on 5/24, so I wanted to
open the discussion up now and see if we can address any/all concerns
leading up to that call in the hopes it might be approved by then. We
are still working to determine who would be most appropriate as leaders
of that SIG, but am confident we'll have 2 or 3 of them by the 26th.
I'm cc'ing Julian Gordon whose team based in Hong Kong is leading
outreach and community development there.
Thoughts?
Brian
--
Brian Behlendorf
General Manager, Open Source Security Foundation
bbehlendorf@...
Twitter: @brianbehlendorf
--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
|
|
|
Xavier René-Corail <xcorail@...>
Hey Brian
I think this is a great idea.
> see if we can address any/all concerns I tried to anticipate concerns people could raise, but I couldn't see any major concerns, nothing we could solve. The only thing that came to mind was "What's the autonomy of the SIG, can they self-assign projects, how do they get approval from the working group?"
Hi all,
As some of you may know we're keen to expand the international side of
OpenSSF, and have a few team members in the APAC region focused on
bridging what are language, national firewall, and time zone differences
that make it a challenge for everyone to participate equally. One thing
we found to be successful when I worked on Hyperledger was to have a
regionally-focused working group - or using the terminology I think the
TAC wants to move to, a Special Interest Group - specifically to engage
with developers from a region where those barriers might be highest,
with China often at the top of that list. By having such a SIG led by a
few individuals who are bilingual and able to serve as a bridge back to
the "upstream" project, we can help participants in that SIG and region
not only be more productive but also encourage their contributions back.
In thinking about this for OpenSSF, I felt like it'd be better to have
such a SIG focused on a particular OpenSSF work group first rather than
the whole of OpenSSF, and the one that seemed most logical would be this
Best Practices WG, since those are likely the OpenSSF works easiest to
pick up and then contribute back to, and some things we could localize
immediately like the training and guides. That seemed to resonate with a
few people in the region we talked to as well.
If this seems like a good idea to you all, we have an opportunity to
launch this SIG at an event next week (5/26) in China with some fanfare.
The next Best Practices WG Zoom call is 10am ET on 5/24, so I wanted to
open the discussion up now and see if we can address any/all concerns
leading up to that call in the hopes it might be approved by then. We
are still working to determine who would be most appropriate as leaders
of that SIG, but am confident we'll have 2 or 3 of them by the 26th.
I'm cc'ing Julian Gordon whose team based in Hong Kong is leading
outreach and community development there.
Thoughts?
Brian
--
Brian Behlendorf
General Manager, Open Source Security Foundation
bbehlendorf@...
Twitter: @brianbehlendorf
|
|
|
CRob Robinson (Intel)
Thanks for the fast reply Brian.
Dev-Best-Practices folks on the CC here…. Any additional thoughts or comments we would like to share or discuss prior to giving Brian an answer from the group?
This feels like a natural fit here as a SIG under us and a path to help achieve our goal of helping OSS Devs produce more secure software.
Cheers,
CRob
Director of Security Communications
Intel Product Assurance and Security
toggle quoted message
Show quoted text
From: Brian Behlendorf <bbehlendorf@...>
Sent: Wednesday, May 18, 2022 2:47 PM
To: Robinson, Christopher <christopher.robinson@...>; Xavier René-Corail <xcorail@...>
Cc: openssf-wg-best-practices@...; Julian Gordon <jgordon@...>
Subject: RE: A China-focused SIG under Best Practices WG?
I would expect the SIG leads to be on Best Practices WG calls and reporting in on what they're working on and what they need. It seems best if they could self-determine the things they'd like to work on and
in what order, but obviously the WG here might have pointers/advice. And as with all efforts under a WG the WG could cancel or reboot with new leads if unhappy with the work. I'd also guess that the TAC should be informed during a regular report-up from this
WG to the TAC but their approval wouldn't strictly be required.
The proposal is a China-spexific SIG given their unique challenges but obviously participation would not be restricted based on IP address or anything.
Brian
On May 18, 2022 11:03:22 AM PDT, "Robinson, Christopher" <christopher.robinson@...> wrote:
Not denying the possible merits of the idea, but I have some questions about how this might function operationally/procedurally:
What would the expectations/obligations be for the working group if we pursue this farther? Would you envision this new SIG creates their own materials or "backports" artifacts from the working group? What would be need to report back
to the TAC? Do we think there are unique issues regional developers encounter that other localities would not, or is this purely creating a time-zone-friendly venue to collect feedback and nurture collaboration? Would this be specific to China alone, or
anyone in the APAC greater region?
Cheers,
CRob
Director of Security Communications
Intel Product Assurance and Security
Hey Brian
I think this is a great idea.
> see if we can address any/all concerns
I tried to anticipate concerns people could raise, but I couldn't see any major concerns, nothing we could solve. The only thing that came to mind was "What's the autonomy of the SIG, can they self-assign projects, how do they get approval
from the working group?"
Hi all,
As some of you may know we're keen to expand the international side of
OpenSSF, and have a few team members in the APAC region focused on
bridging what are language, national firewall, and time zone differences
that make it a challenge for everyone to participate equally. One thing
we found to be successful when I worked on Hyperledger was to have a
regionally-focused working group - or using the terminology I think the
TAC wants to move to, a Special Interest Group - specifically to engage
with developers from a region where those barriers might be highest,
with China often at the top of that list. By having such a SIG led by a
few individuals who are bilingual and able to serve as a bridge back to
the "upstream" project, we can help participants in that SIG and region
not only be more productive but also encourage their contributions back.
In thinking about this for OpenSSF, I felt like it'd be better to have
such a SIG focused on a particular OpenSSF work group first rather than
the whole of OpenSSF, and the one that seemed most logical would be this
Best Practices WG, since those are likely the OpenSSF works easiest to
pick up and then contribute back to, and some things we could localize
immediately like the training and guides. That seemed to resonate with a
few people in the region we talked to as well.
If this seems like a good idea to you all, we have an opportunity to
launch this SIG at an event next week (5/26) in China with some fanfare.
The next Best Practices WG Zoom call is 10am ET on 5/24, so I wanted to
open the discussion up now and see if we can address any/all concerns
leading up to that call in the hopes it might be approved by then. We
are still working to determine who would be most appropriate as leaders
of that SIG, but am confident we'll have 2 or 3 of them by the 26th.
I'm cc'ing Julian Gordon whose team based in Hong Kong is leading
outreach and community development there.
Thoughts?
Brian
--
Brian Behlendorf
General Manager, Open Source Security Foundation
bbehlendorf@...
Twitter: @brianbehlendorf
--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
|
|
|
Generally speaking, I’m a big +1 to anything that brings more members to the community. However, before launching a SIG I’d like to ensure it’ll have appropriate support to ensure it thrives.
We all know the pain of timezones, and while Julian is in HK there may not be any current Best Practices WG members who can help launch and support this on the other side of the small blue dot of ours.
What’s the plan for that?
--V
VM (Vicky) Brasseur
Director, Senior Strategy Advisor
Open Source Program Office
Wipro Limited
⏰ Time Zone: Pacific/West Coast US
From:
<openssf-wg-best-practices@...> on behalf of "CRob Robinson (Intel) via lists.openssf.org" <christopher.robinson=intel.com@...>
Reply-To: "christopher.robinson@..." <christopher.robinson@...>
Date: Wednesday, May 18, 2022 at 13:45
To: Brian Behlendorf <bbehlendorf@...>, Xavier René-Corail <xcorail@...>
Cc: "openssf-wg-best-practices@..." <openssf-wg-best-practices@...>, Julian Gordon <jgordon@...>
Subject: Re: [openssf-wg-best-practices] A China-focused SIG under Best Practices WG?
CAUTION:This email is received from an external domain. Open the hyperlink(s) & attachment(s) with caution.
.
Thanks for the fast reply Brian.
Dev-Best-Practices folks on the CC here…. Any additional thoughts or comments we would like to share or discuss prior to giving Brian an answer from the group?
This feels like a natural fit here as a SIG under us and a path to help achieve our goal of helping OSS Devs produce more secure software.
Cheers,
CRob
Director of Security Communications
Intel Product Assurance and Security
toggle quoted message
Show quoted text
From: Brian Behlendorf <bbehlendorf@...>
Sent: Wednesday, May 18, 2022 2:47 PM
To: Robinson, Christopher <christopher.robinson@...>; Xavier René-Corail <xcorail@...>
Cc: openssf-wg-best-practices@...; Julian Gordon <jgordon@...>
Subject: RE: A China-focused SIG under Best Practices WG?
I would expect the SIG leads to be on Best Practices WG calls and reporting in on what they're working on and what they need. It seems best if they could self-determine the things they'd like to work on and in what order, but obviously the WG here might have
pointers/advice. And as with all efforts under a WG the WG could cancel or reboot with new leads if unhappy with the work. I'd also guess that the TAC should be informed during a regular report-up from this WG to the TAC but their approval wouldn't strictly
be required.
The proposal is a China-spexific SIG given their unique challenges but obviously participation would not be restricted based on IP address or anything.
Brian
On May 18, 2022 11:03:22 AM PDT, "Robinson, Christopher" <christopher.robinson@...> wrote:
Not denying the possible merits of the idea, but I have some questions about how this might function operationally/procedurally:
What would the expectations/obligations be for the working group if we pursue this farther? Would you envision this new SIG creates their own materials or "backports" artifacts from the working group? What
would be need to report back to the TAC? Do we think there are unique issues regional developers encounter that other localities would not, or is this purely creating a time-zone-friendly venue to collect feedback and nurture collaboration? Would this be
specific to China alone, or anyone in the APAC greater region?
Cheers,
CRob
Director of Security Communications
Intel Product Assurance and Security
Hey Brian
I think this is a great idea.
> see if we can address any/all concerns
I tried to anticipate concerns people could raise, but I couldn't see any major concerns, nothing we could solve. The only thing that came to mind was "What's the autonomy of the SIG, can they self-assign projects, how
do they get approval from the working group?"
Hi all,
As some of you may know we're keen to expand the international side of
OpenSSF, and have a few team members in the APAC region focused on
bridging what are language, national firewall, and time zone differences
that make it a challenge for everyone to participate equally. One thing
we found to be successful when I worked on Hyperledger was to have a
regionally-focused working group - or using the terminology I think the
TAC wants to move to, a Special Interest Group - specifically to engage
with developers from a region where those barriers might be highest,
with China often at the top of that list. By having such a SIG led by a
few individuals who are bilingual and able to serve as a bridge back to
the "upstream" project, we can help participants in that SIG and region
not only be more productive but also encourage their contributions back.
In thinking about this for OpenSSF, I felt like it'd be better to have
such a SIG focused on a particular OpenSSF work group first rather than
the whole of OpenSSF, and the one that seemed most logical would be this
Best Practices WG, since those are likely the OpenSSF works easiest to
pick up and then contribute back to, and some things we could localize
immediately like the training and guides. That seemed to resonate with a
few people in the region we talked to as well.
If this seems like a good idea to you all, we have an opportunity to
launch this SIG at an event next week (5/26) in China with some fanfare.
The next Best Practices WG Zoom call is 10am ET on 5/24, so I wanted to
open the discussion up now and see if we can address any/all concerns
leading up to that call in the hopes it might be approved by then. We
are still working to determine who would be most appropriate as leaders
of that SIG, but am confident we'll have 2 or 3 of them by the 26th.
I'm cc'ing Julian Gordon whose team based in Hong Kong is leading
outreach and community development there.
Thoughts?
Brian
--
Brian Behlendorf
General Manager, Open Source Security Foundation
bbehlendorf@...
Twitter: @brianbehlendorf
--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
'The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain proprietary, confidential or privileged information. If you are not the intended recipient, you
should not disseminate, distribute or copy this e-mail. Please notify the sender immediately and destroy all copies of this message and any attachments. WARNING: Computer viruses can be transmitted via email. The recipient should check this email and any attachments
for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email. www.wipro.com'
Internal to Wipro
|
|
|
David A. Wheeler
I would suggest it not be China-specific, but instead for APAC with
China obviously being a big part.
Others in the region will have many of the same challenges.
--- David A. Wheeler
toggle quoted message
Show quoted text
On May 18, 2022, at 2:46 PM, Brian Behlendorf <bbehlendorf@...> wrote:
I would expect the SIG leads to be on Best Practices WG calls and reporting in on what they're working on and what they need. It seems best if they could self-determine the things they'd like to work on and in what order, but obviously the WG here might have pointers/advice. And as with all efforts under a WG the WG could cancel or reboot with new leads if unhappy with the work. I'd also guess that the TAC should be informed during a regular report-up from this WG to the TAC but their approval wouldn't strictly be required.
The proposal is a China-spexific SIG given their unique challenges but obviously participation would not be restricted based on IP address or anything.
Brian
On May 18, 2022 11:03:22 AM PDT, "Robinson, Christopher" <christopher.robinson@...> wrote:
Not denying the possible merits of the idea, but I have some questions about how this might function operationally/procedurally:
What would the expectations/obligations be for the working group if we pursue this farther? Would you envision this new SIG creates their own materials or "backports" artifacts from the working group? What would be need to report back to the TAC? Do we think there are unique issues regional developers encounter that other localities would not, or is this purely creating a time-zone-friendly venue to collect feedback and nurture collaboration? Would this be specific to China alone, or anyone in the APAC greater region?
Cheers,
CRob
Director of Security Communications
Intel Product Assurance and Security
From: Xavier René-Corail <xcorail@...>
Sent: Wednesday, May 18, 2022 1:33 PM
To: Brian Behlendorf <bbehlendorf@...>
Cc: Robinson, Christopher <christopher.robinson@...>; openssf-wg-best-practices@...; Julian Gordon <jgordon@...>
Subject: Re: A China-focused SIG under Best Practices WG?
Hey Brian
I think this is a great idea.
see if we can address any/all concerns I tried to anticipate concerns people could raise, but I couldn't see any major concerns, nothing we could solve. The only thing that came to mind was "What's the autonomy of the SIG, can they self-assign projects, how do they get approval from the working group?"
--
Cheers
Xavier
On Wed, May 18, 2022 at 10:04 AM Brian Behlendorf <bbehlendorf@...> wrote:
Hi all,
As some of you may know we're keen to expand the international side of
OpenSSF, and have a few team members in the APAC region focused on
bridging what are language, national firewall, and time zone differences
that make it a challenge for everyone to participate equally. One thing
we found to be successful when I worked on Hyperledger was to have a
regionally-focused working group - or using the terminology I think the
TAC wants to move to, a Special Interest Group - specifically to engage
with developers from a region where those barriers might be highest,
with China often at the top of that list. By having such a SIG led by a
few individuals who are bilingual and able to serve as a bridge back to
the "upstream" project, we can help participants in that SIG and region
not only be more productive but also encourage their contributions back.
In thinking about this for OpenSSF, I felt like it'd be better to have
such a SIG focused on a particular OpenSSF work group first rather than
the whole of OpenSSF, and the one that seemed most logical would be this
Best Practices WG, since those are likely the OpenSSF works easiest to
pick up and then contribute back to, and some things we could localize
immediately like the training and guides. That seemed to resonate with a
few people in the region we talked to as well.
If this seems like a good idea to you all, we have an opportunity to
launch this SIG at an event next week (5/26) in China with some fanfare.
The next Best Practices WG Zoom call is 10am ET on 5/24, so I wanted to
open the discussion up now and see if we can address any/all concerns
leading up to that call in the hopes it might be approved by then. We
are still working to determine who would be most appropriate as leaders
of that SIG, but am confident we'll have 2 or 3 of them by the 26th.
I'm cc'ing Julian Gordon whose team based in Hong Kong is leading
outreach and community development there.
Thoughts?
Brian
--
Brian Behlendorf
General Manager, Open Source Security Foundation
bbehlendorf@...
Twitter: @brianbehlendorf
--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
|
|
|
Our experience operating in the region has been that the language, cultural, and national firewall issues cause the Chinese developer community to struggle with international open source projects much more intensely than developers from any other region. They may share a neighboring time zone but are very different otherwise. Hong Kong is one of the few cities with a solid foot on either side of that divide and I'd consider it likely to see developers from Hong Kong involved in both this China-focused WG and the global streams, perhaps even leading this WG.
Down the road I do see a need for vehicles for supporting regional developer communities in a more general-purpose way, both city-by-city a la Meetup and regional a la "Chapters" like an "India Chapter" or "Brazil Chapter" which is just an aggregate of meetup communities. Back when people were meeting up, but looking forward to a time when they will again. I'm not saying we shouldn't consider creating a SIG for supporting India developers or Korean developers, just proposing China to start and see when demand for others emerge.
Brian
toggle quoted message
Show quoted text
On 5/19/22 10:20, David A. Wheeler wrote: I would suggest it not be China-specific, but instead for APAC with
China obviously being a big part.
Others in the region will have many of the same challenges.
--- David A. Wheeler
On May 18, 2022, at 2:46 PM, Brian Behlendorf <bbehlendorf@...> wrote:
I would expect the SIG leads to be on Best Practices WG calls and reporting in on what they're working on and what they need. It seems best if they could self-determine the things they'd like to work on and in what order, but obviously the WG here might have pointers/advice. And as with all efforts under a WG the WG could cancel or reboot with new leads if unhappy with the work. I'd also guess that the TAC should be informed during a regular report-up from this WG to the TAC but their approval wouldn't strictly be required.
The proposal is a China-spexific SIG given their unique challenges but obviously participation would not be restricted based on IP address or anything.
Brian
On May 18, 2022 11:03:22 AM PDT, "Robinson, Christopher" <christopher.robinson@...> wrote:
Not denying the possible merits of the idea, but I have some questions about how this might function operationally/procedurally:
What would the expectations/obligations be for the working group if we pursue this farther? Would you envision this new SIG creates their own materials or "backports" artifacts from the working group? What would be need to report back to the TAC? Do we think there are unique issues regional developers encounter that other localities would not, or is this purely creating a time-zone-friendly venue to collect feedback and nurture collaboration? Would this be specific to China alone, or anyone in the APAC greater region?
Cheers,
CRob
Director of Security Communications
Intel Product Assurance and Security
From: Xavier René-Corail <xcorail@...>
Sent: Wednesday, May 18, 2022 1:33 PM
To: Brian Behlendorf <bbehlendorf@...>
Cc: Robinson, Christopher <christopher.robinson@...>; openssf-wg-best-practices@...; Julian Gordon <jgordon@...>
Subject: Re: A China-focused SIG under Best Practices WG?
Hey Brian
I think this is a great idea.
see if we can address any/all concerns I tried to anticipate concerns people could raise, but I couldn't see any major concerns, nothing we could solve. The only thing that came to mind was "What's the autonomy of the SIG, can they self-assign projects, how do they get approval from the working group?"
--
Cheers
Xavier
On Wed, May 18, 2022 at 10:04 AM Brian Behlendorf <bbehlendorf@...> wrote:
Hi all,
As some of you may know we're keen to expand the international side of
OpenSSF, and have a few team members in the APAC region focused on
bridging what are language, national firewall, and time zone differences
that make it a challenge for everyone to participate equally. One thing
we found to be successful when I worked on Hyperledger was to have a
regionally-focused working group - or using the terminology I think the
TAC wants to move to, a Special Interest Group - specifically to engage
with developers from a region where those barriers might be highest,
with China often at the top of that list. By having such a SIG led by a
few individuals who are bilingual and able to serve as a bridge back to
the "upstream" project, we can help participants in that SIG and region
not only be more productive but also encourage their contributions back.
In thinking about this for OpenSSF, I felt like it'd be better to have
such a SIG focused on a particular OpenSSF work group first rather than
the whole of OpenSSF, and the one that seemed most logical would be this
Best Practices WG, since those are likely the OpenSSF works easiest to
pick up and then contribute back to, and some things we could localize
immediately like the training and guides. That seemed to resonate with a
few people in the region we talked to as well.
If this seems like a good idea to you all, we have an opportunity to
launch this SIG at an event next week (5/26) in China with some fanfare.
The next Best Practices WG Zoom call is 10am ET on 5/24, so I wanted to
open the discussion up now and see if we can address any/all concerns
leading up to that call in the hopes it might be approved by then. We
are still working to determine who would be most appropriate as leaders
of that SIG, but am confident we'll have 2 or 3 of them by the 26th.
I'm cc'ing Julian Gordon whose team based in Hong Kong is leading
outreach and community development there.
Thoughts?
Brian
--
Brian Behlendorf
General Manager, Open Source Security Foundation
bbehlendorf@...
Twitter: @brianbehlendorf
--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
--
Brian Behlendorf
General Manager, Open Source Security Foundation
bbehlendorf@...
Twitter: @brianbehlendorf
|
|
|
It's a great question VM (and thank you
for supporting our APAC regional town hall a few months back!)
The LF APAC team does already have a
small group of open source community advocates from whom we would
draw the initial leads for the SIG, knowing their job would be to
have a foot in both the China-specific SIG and in the Working
Group's meetings and processes. We will also have paid staff
helping drive their calls and WeChat group, and recruiting new
leads if necessary. It would of course be fantastic if there was
anyone on the current WG willing to act as a mentor to them or to
the leads or even participate in the SIG if they speak the
language. But I think the SIG can be successful even if the
current WG doesn't have someone with that bandwidth.
Brian
On 5/19/22 07:38, VM Brasseur (CTO)
wrote:
Generally
speaking, I’m a big +1 to anything that brings more members
to the community. However, before launching a SIG I’d like
to ensure it’ll have appropriate support to ensure it
thrives. We all know the pain of timezones, and while Julian
is in HK there may not be any current Best Practices WG
members who can help launch and support this on the other
side of the small blue dot of ours.
What’s the plan
for that?
--V
VM (Vicky)
Brasseur
Director,
Senior Strategy Advisor
Open Source
Program Office
Wipro
Limited
⏰ Time Zone:
Pacific/West Coast US
CAUTION:This
email is received from an external domain. Open the
hyperlink(s) & attachment(s) with caution.
.
Thanks for the
fast reply Brian.
Dev-Best-Practices
folks on the CC here…. Any additional thoughts or comments
we would like to share or discuss prior to giving Brian an
answer from the group?
This feels like
a natural fit here as a SIG under us and a path to help
achieve our goal of helping OSS Devs produce more secure
software.
Cheers,
CRob
Director of
Security Communications
Intel Product
Assurance and Security
I
would expect the SIG leads to be on Best Practices WG calls
and reporting in on what they're working on and what they
need. It seems best if they could self-determine the things
they'd like to work on and in what order, but obviously the
WG here might have pointers/advice. And as with all efforts
under a WG the WG could cancel or reboot with new leads if
unhappy with the work. I'd also guess that the TAC should be
informed during a regular report-up from this WG to the TAC
but their approval wouldn't strictly be required.
The proposal is a China-spexific SIG given their unique
challenges but obviously participation would not be
restricted based on IP address or anything.
Brian
On May 18,
2022 11:03:22 AM PDT, "Robinson, Christopher" <christopher.robinson@...>
wrote:
Not
denying the possible merits of the idea, but I have some
questions about how this might function
operationally/procedurally:
What
would the expectations/obligations be for the working
group if we pursue this farther? Would you envision
this new SIG creates their own materials or "backports"
artifacts from the working group? What would be need to
report back to the TAC? Do we think there are unique
issues regional developers encounter that other
localities would not, or is this purely creating a
time-zone-friendly venue to collect feedback and nurture
collaboration? Would this be specific to China alone,
or anyone in the APAC greater region?
Cheers,
CRob
Director of
Security Communications
Intel
Product Assurance and Security
Hey Brian
I think
this is a great idea.
> see
if we can address any/all concerns
I tried
to anticipate concerns people could raise, but I
couldn't see any major concerns, nothing we could
solve. The only thing that came to mind was "What's
the autonomy of the SIG, can they self-assign
projects, how do they get approval from the working
group?"
Hi
all,
As some of you may know we're keen to expand the
international side of
OpenSSF, and have a few team members in the APAC
region focused on
bridging what are language, national firewall, and
time zone differences
that make it a challenge for everyone to participate
equally. One thing
we found to be successful when I worked on
Hyperledger was to have a
regionally-focused working group - or using the
terminology I think the
TAC wants to move to, a Special Interest Group -
specifically to engage
with developers from a region where those barriers
might be highest,
with China often at the top of that list. By having
such a SIG led by a
few individuals who are bilingual and able to serve
as a bridge back to
the "upstream" project, we can help participants in
that SIG and region
not only be more productive but also encourage their
contributions back.
In thinking about this for OpenSSF, I felt like it'd
be better to have
such a SIG focused on a particular OpenSSF work
group first rather than
the whole of OpenSSF, and the one that seemed most
logical would be this
Best Practices WG, since those are likely the
OpenSSF works easiest to
pick up and then contribute back to, and some things
we could localize
immediately like the training and guides. That
seemed to resonate with a
few people in the region we talked to as well.
If this seems like a good idea to you all, we have
an opportunity to
launch this SIG at an event next week (5/26) in
China with some fanfare.
The next Best Practices WG Zoom call is 10am ET on
5/24, so I wanted to
open the discussion up now and see if we can address
any/all concerns
leading up to that call in the hopes it might be
approved by then. We
are still working to determine who would be most
appropriate as leaders
of that SIG, but am confident we'll have 2 or 3 of
them by the 26th.
I'm cc'ing Julian Gordon whose team based in Hong
Kong is leading
outreach and community development there.
Thoughts?
Brian
--
Brian Behlendorf
General Manager, Open Source Security Foundation
bbehlendorf@...
Twitter: @brianbehlendorf
--
Sent from my Android device with K-9 Mail. Please excuse
my brevity.
'The information contained in this electronic message and any
attachments to this message are intended for the exclusive use of
the addressee(s) and may contain proprietary, confidential or
privileged information. If you are not the intended recipient, you
should not disseminate, distribute or copy this e-mail. Please
notify the sender immediately and destroy all copies of this
message and any attachments. WARNING: Computer viruses can be
transmitted via email. The recipient should check this email and
any attachments for the presence of viruses. The company accepts
no liability for any damage caused by any virus transmitted by
this email. www.wipro.com'
Internal to Wipro
--
Brian Behlendorf
General Manager, Open Source Security Foundation
bbehlendorf@...
Twitter: @brianbehlendorf
|
|
|
CRob Robinson (Intel)
Hi Brian – the BEST working group met today and discussed this proposal at length. The group approves of the idea and welcomes the opportunity to collaborate with regional specialists to help facilitate getting our content shared with
folks in China as well as hearing the needs of this community so we can assist. We hope this can be used as a blueprint for other SIG-expansions to provide forums for developers around the globe. We have several WG members that expressed interest in meeting
with the “on the ground” SIG facilitator to develop the idea more. Please let us know who to work with (beyond Julian if there are others too).
Cheers,
CRob
Director of Security Communications
Intel Product Assurance and Security
toggle quoted message
Show quoted text
From: openssf-wg-best-practices@... <openssf-wg-best-practices@...>
On Behalf Of Brian Behlendorf
Sent: Friday, May 20, 2022 1:54 AM
To: VM Brasseur (CTO) <vm.brasseur@...>; Robinson, Christopher <christopher.robinson@...>; Xavier René-Corail <xcorail@...>
Cc: openssf-wg-best-practices@...; Julian Gordon <jgordon@...>
Subject: Re: [openssf-wg-best-practices] A China-focused SIG under Best Practices WG?
It's a great question VM (and thank you for supporting our APAC regional town hall a few months back!)
The LF APAC team does already have a small group of open source community advocates from whom we would draw the initial leads for the SIG, knowing their job would be to have a foot in both the China-specific SIG and in the Working Group's
meetings and processes. We will also have paid staff helping drive their calls and WeChat group, and recruiting new leads if necessary. It would of course be fantastic if there was anyone on the current WG willing to act as a mentor to them or to the leads
or even participate in the SIG if they speak the language. But I think the SIG can be successful even if the current WG doesn't have someone with that bandwidth.
On 5/19/22 07:38, VM Brasseur (CTO) wrote:
Generally speaking, I’m a big +1 to anything that brings more members to the community. However, before launching a SIG I’d like to ensure it’ll have appropriate support to ensure it thrives.
We all know the pain of timezones, and while Julian is in HK there may not be any current Best Practices WG members who can help launch and support this on the other side of the small blue dot of ours.
What’s the plan for that?
--V
VM (Vicky) Brasseur
Director, Senior Strategy Advisor
Open Source Program Office
Wipro Limited
⏰ Time Zone: Pacific/West Coast US
CAUTION:This email is received from an external domain. Open the hyperlink(s) & attachment(s) with caution.
.
Thanks for the fast reply Brian.
Dev-Best-Practices folks on the CC here…. Any additional thoughts or comments we would like to share or discuss prior to giving Brian an answer from the group?
This feels like a natural fit here as a SIG under us and a path to help achieve our goal of helping OSS Devs produce more secure software.
Cheers,
CRob
Director of Security Communications
Intel Product Assurance and Security
I would expect the SIG leads to be on Best Practices WG calls and reporting in on what they're working on and what they need. It seems best if they could self-determine the things they'd like to work on and in what order, but obviously the WG here might have
pointers/advice. And as with all efforts under a WG the WG could cancel or reboot with new leads if unhappy with the work. I'd also guess that the TAC should be informed during a regular report-up from this WG to the TAC but their approval wouldn't strictly
be required.
The proposal is a China-spexific SIG given their unique challenges but obviously participation would not be restricted based on IP address or anything.
Brian
On May 18, 2022 11:03:22 AM PDT, "Robinson, Christopher" <christopher.robinson@...> wrote:
Not denying the possible merits of the idea, but I have some questions about how this might function operationally/procedurally:
What would the expectations/obligations be for the working group if we pursue this farther? Would you envision this new SIG creates their own materials or "backports" artifacts from the working group? What
would be need to report back to the TAC? Do we think there are unique issues regional developers encounter that other localities would not, or is this purely creating a time-zone-friendly venue to collect feedback and nurture collaboration? Would this be
specific to China alone, or anyone in the APAC greater region?
Cheers,
CRob
Director of Security Communications
Intel Product Assurance and Security
Hey Brian
I think this is a great idea.
> see if we can address any/all concerns
I tried to anticipate concerns people could raise, but I couldn't see any major concerns, nothing we could solve. The only thing that came to mind was "What's the autonomy of the SIG, can they self-assign projects, how
do they get approval from the working group?"
Hi all,
As some of you may know we're keen to expand the international side of
OpenSSF, and have a few team members in the APAC region focused on
bridging what are language, national firewall, and time zone differences
that make it a challenge for everyone to participate equally. One thing
we found to be successful when I worked on Hyperledger was to have a
regionally-focused working group - or using the terminology I think the
TAC wants to move to, a Special Interest Group - specifically to engage
with developers from a region where those barriers might be highest,
with China often at the top of that list. By having such a SIG led by a
few individuals who are bilingual and able to serve as a bridge back to
the "upstream" project, we can help participants in that SIG and region
not only be more productive but also encourage their contributions back.
In thinking about this for OpenSSF, I felt like it'd be better to have
such a SIG focused on a particular OpenSSF work group first rather than
the whole of OpenSSF, and the one that seemed most logical would be this
Best Practices WG, since those are likely the OpenSSF works easiest to
pick up and then contribute back to, and some things we could localize
immediately like the training and guides. That seemed to resonate with a
few people in the region we talked to as well.
If this seems like a good idea to you all, we have an opportunity to
launch this SIG at an event next week (5/26) in China with some fanfare.
The next Best Practices WG Zoom call is 10am ET on 5/24, so I wanted to
open the discussion up now and see if we can address any/all concerns
leading up to that call in the hopes it might be approved by then. We
are still working to determine who would be most appropriate as leaders
of that SIG, but am confident we'll have 2 or 3 of them by the 26th.
I'm cc'ing Julian Gordon whose team based in Hong Kong is leading
outreach and community development there.
Thoughts?
Brian
--
Brian Behlendorf
General Manager, Open Source Security Foundation
bbehlendorf@...
Twitter: @brianbehlendorf
--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
'The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain proprietary, confidential or privileged information. If you are not the intended
recipient, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately and destroy all copies of this message and any attachments. WARNING: Computer viruses can be transmitted via email. The recipient should check this
email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email.
www.wipro.com'
Internal to Wipro
--
Brian Behlendorf
General Manager, Open Source Security Foundation
bbehlendorf@...
Twitter: @brianbehlendorf
|
|
|
