Date   

Be careful of dynamic assertions

Jeffrey Walton <noloader@...>
 

Hi Everyone,

Thanks for the service. I really like the idea of a mini Security
Architecture document so projects can discuss their governance,
policies and procedures. I've written a lot of them over they years
and I know they are helpful.

I recently added Crypto++ to CII. Also see
https://bestpractices.coreinfrastructure.org/en/projects/3806.

Under "Dynamic code analysis", one of the recommendations is:

It is SUGGESTED that the software produced by the project include
many run-time assertions...

As a C/C++/ObjC developer when I see "run-time assertions" I think of
Posix assert (https://pubs.opengroup.org/onlinepubs/9699919799/basedefs/assert.h.html).
Runtime assertions in production software could be bad for several
reasons.

Let me preface it with: runtime assertions are not dangerous at
development time. At development time they aide the programmer by
snapping the debugger. Asserts create self-debugging code in this
instance. I embrace asserts at development time.

Runtime assertions are not dangerous to some software in production,
like music players and video players. An assert may annoy a user, but
the app is not handling sensitive information so it is just another UI
bug.

However, high integrity software must be careful of assertions in
production. Here are the reasons given for Crypto++ in the CII report.

<SNIP>
The library never asserts in production for four reasons. First, it is
the application's authors decision to crash their app. The library
does not make policy decisions for the application author.

Second, some platforms, like Apple iOS, do not allow asserts to crash
an application because it degrades the UI experience. The library will
not cause an author's app to be rejected from an App Store.

Third, the library handles sensitive information like private keys,
shared secrets and passwords. When an assert fires the core file will
include the sensitive information. That means the sensitive
information has been egressed outside the application's security
boundary. Folks with access to the mobile device or a computer
paired/sync'd with a mobile device will be able to recover the secrets
from the filesystem.

Fourth, the core file may be shipped to an Error Reporting Service.
Now Apple, Google, Fedora, Red Hat, Ubuntu or Microsoft have the
user's private keys, shared secrets and passwords. Then the
information is passed onto the developer who has the user's private
keys, shared secrets and passwords.

Fifth, when an assert crashes a server, it (1) may preserve data
Integrity at the expense of (2) Confidentiality of the data and (3)
Availability of the server. If an author wishes to preserve Integrity,
they merely need to call exit(1) without the loss of Confidentiality.
</SNIP>

In fact, when I was working as a Security Architect in US Financial
(Bank of America and Morgan Stanley), we would reject vendor apps that
used asserts in production. There was too much financial and
reputational risk with using asserts. The firm did not want to pay a
regulatory fine or suffer the reputational harm because customer SSNs
were not handled properly.

Also see "GMP and assert()" on LWN at
https://lwn.net/Articles/780817/. It caused a shit storm when posted
to OSS Security mailing list.

Jeffrey Walton
Baltimore, MD, US


FLOSS Weekly #550 was on the CII Best Practices Badge!

David A. Wheeler
 

FYI: The CII Best Practices Badge was recently featured on “FLOSS Weekly” episode #550.

You can watch my interview here:

https://twit.tv/shows/floss-weekly/episodes/550

 

We got a “bump” in the number of participating projects in the last few days, and

I suspect that is the cause.  As always, you can see stats on project participation here:

https://bestpractices.coreinfrastructure.org/en/project_stats

 

--- David A. Wheeler


Re: Add contributor to process?

David A. Wheeler
 

Sure!  To add an additional editor to a project, you’ll need to know the user id (an integer) of the user to add.  Here’s how to then add that information.

 

First view the project:

https://bestpractices.coreinfrastructure.org/en/projects/3038

 

Click on “edit”.

 

Search (e.g., using “control-F”) for “Additional rights”.  You should find this field:

(Advanced) What other users have additional rights to edit this badge entry? Currently:

 

If you click on “Details” it’ll explain that

“If you want someone else to be able to edit this badge entry, and you already have edit rights to this project badge entry, you can additional users with edit rights. Just enter "+" followed by a comma-separated list of integer user ids. Those users will then also be allowed to edit this project entry.”

 

So enter “+NUMBER”, then save.

 

That’s it.

 

--- David A. Wheeler

 

 

From: Cii-badges-questions@... <Cii-badges-questions@...> On Behalf Of Christina Keelan Cottrell
Sent: Wednesday, August 7, 2019 8:55 PM
To: cii-badges-questions@...
Cc: gabor.brs@...
Subject: [Cii-badges-questions] Add contributor to process?

 

Hello, 

 

I'm adding our project to CII Best Practices and I was wondering if I could add an additional contributor to help me complete the steps? He has been cc'd on this message. 

 

Project Name: rethinkdb

Project ID: 3038

 

Thank you! 

Christina

 


Add contributor to process?

Christina Keelan Cottrell <christinakeelan@...>
 

Hello, 

I'm adding our project to CII Best Practices and I was wondering if I could add an additional contributor to help me complete the steps? He has been cc'd on this message. 

Project Name: rethinkdb
Project ID: 3038

Thank you! 
Christina


Re: How do we edit CII report for Jaeger?

Yuri Shkuro <ys@...>
 

great, thanks, I got the Edit button now.

On Wed, Feb 20, 2019 at 11:10 AM Juraci Paixão Kröhling <jpkroehling@...> wrote:
Added: could you try again?

- Juca.

On 2/20/19 4:59 PM, Yuri Shkuro wrote:
> I have the account:
> https://bestpractices.coreinfrastructure.org/en/users/3394
>
>
>
> On Wed, Feb 20, 2019 at 10:13 AM Wheeler, David A <dwheeler@...
> <mailto:dwheeler@...>> wrote:
>
>     Don't add the *GitHub* id, add the id on the *BadgeApp*.  Yuri will
>     need to sign up (create an account) on the BadgeApp first,
>     https://bestpractices.coreinfrastructure.org
>
>     -----Original Message-----
>     From: Juraci Paixão Kröhling <jpkroehling@...
>     <mailto:jpkroehling@...>>
>     Sent: Wednesday, February 20, 2019 8:02 AM
>     To: Yuri Shkuro <ys@... <mailto:ys@...>>
>     Cc: Wheeler, David A <dwheeler@... <mailto:dwheeler@...>>;
>     cii-badges-questions@...
>     <mailto:cii-badges-questions@...>; Dossett,
>     Jason N <jdossett@... <mailto:jdossett@...>>
>     Subject: Re: [Cii-badges-questions] How do we edit CII report for
>     Jaeger?
>
>     On 2/14/19 9:19 PM, Wheeler, David A wrote:
>      > You're using GitHub for version control
>     (<https://github.com/jaegertracing/jaeger>), so anyone who can
>     directly edit that project should also be able to edit the badge
>     entry.  I've been told that may not work in some cases, however.
>
>     I think it did not work for Yuri.
>
>      > If that doesn't work, we have a mechanism that allows you to
>     grant edit rights to anyone else.  First have the other maintainers
>     create an account on the CII badging project site (using GitHub or
>     their own email address), and have them tell you their user id on
>     the CII Best Practices site.  Then you go to:
>      >
>     https://bestpractices.coreinfrastructure.org/en/projects/1273/edit#add
>      > itional_rights_changes
>      >
>      > You can click on "show details" for more information.   Here's
>     the key text:
>      >> Just enter "+" followed by a comma-separated list of integer
>     user ids. Those users will then also be allowed to edit this project
>     entry. If you're the owner of the badge entry or a BadgeApp
>     administrator, you can remove users from this list by entering "-"
>     followed by a comma-separated list of integer user ids. We expect
>     that normally only one person will edit a particular badge entry at
>     a time. This application uses optimistic locking to prevent saving
>     stale data if multiple users try to edit a badge entry
>     simultaneously. If you have multiple editors, we recommend saving
>     badge entry data incrementally and often (that is a wise practice
>     anyway).
>      >
>      > I hope that helps!!
>
>     Thanks! I added "+3523016" to the field, which should be Yuri's ID
>     on GitHub.
>
>     Yuri: could you check whether you can now edit the badge?
>
>     - Juca.
>


Re: How do we edit CII report for Jaeger?

Juraci Paixão Kröhling <jpkroehling@...>
 

Added: could you try again?

- Juca.

On 2/20/19 4:59 PM, Yuri Shkuro wrote:
I have the account: https://bestpractices.coreinfrastructure.org/en/users/3394
On Wed, Feb 20, 2019 at 10:13 AM Wheeler, David A <dwheeler@ida.org <mailto:dwheeler@ida.org>> wrote:
Don't add the *GitHub* id, add the id on the *BadgeApp*.  Yuri will
need to sign up (create an account) on the BadgeApp first,
https://bestpractices.coreinfrastructure.org
-----Original Message-----
From: Juraci Paixão Kröhling <jpkroehling@redhat.com
<mailto:jpkroehling@redhat.com>>
Sent: Wednesday, February 20, 2019 8:02 AM
To: Yuri Shkuro <ys@uber.com <mailto:ys@uber.com>>
Cc: Wheeler, David A <dwheeler@ida.org <mailto:dwheeler@ida.org>>;
cii-badges-questions@lists.coreinfrastructure.org
<mailto:cii-badges-questions@lists.coreinfrastructure.org>; Dossett,
Jason N <jdossett@ida.org <mailto:jdossett@ida.org>>
Subject: Re: [Cii-badges-questions] How do we edit CII report for
Jaeger?
On 2/14/19 9:19 PM, Wheeler, David A wrote:
> You're using GitHub for version control
(<https://github.com/jaegertracing/jaeger>;), so anyone who can
directly edit that project should also be able to edit the badge
entry.  I've been told that may not work in some cases, however.
I think it did not work for Yuri.

> If that doesn't work, we have a mechanism that allows you to
grant edit rights to anyone else.  First have the other maintainers
create an account on the CII badging project site (using GitHub or
their own email address), and have them tell you their user id on
the CII Best Practices site.  Then you go to:
>
https://bestpractices.coreinfrastructure.org/en/projects/1273/edit#add
> itional_rights_changes
>
> You can click on "show details" for more information.   Here's
the key text:
>> Just enter "+" followed by a comma-separated list of integer
user ids. Those users will then also be allowed to edit this project
entry. If you're the owner of the badge entry or a BadgeApp
administrator, you can remove users from this list by entering "-"
followed by a comma-separated list of integer user ids. We expect
that normally only one person will edit a particular badge entry at
a time. This application uses optimistic locking to prevent saving
stale data if multiple users try to edit a badge entry
simultaneously. If you have multiple editors, we recommend saving
badge entry data incrementally and often (that is a wise practice
anyway).
>
> I hope that helps!!
Thanks! I added "+3523016" to the field, which should be Yuri's ID
on GitHub.
Yuri: could you check whether you can now edit the badge?
- Juca.


Re: How do we edit CII report for Jaeger?

Yuri Shkuro <ys@...>
 


On Wed, Feb 20, 2019 at 10:13 AM Wheeler, David A <dwheeler@...> wrote:
Don't add the *GitHub* id, add the id on the *BadgeApp*.  Yuri will need to sign up (create an account) on the BadgeApp first, https://bestpractices.coreinfrastructure.org

-----Original Message-----
From: Juraci Paixão Kröhling <jpkroehling@...>
Sent: Wednesday, February 20, 2019 8:02 AM
To: Yuri Shkuro <ys@...>
Cc: Wheeler, David A <dwheeler@...>; cii-badges-questions@...; Dossett, Jason N <jdossett@...>
Subject: Re: [Cii-badges-questions] How do we edit CII report for Jaeger?

On 2/14/19 9:19 PM, Wheeler, David A wrote:
> You're using GitHub for version control (<https://github.com/jaegertracing/jaeger>), so anyone who can directly edit that project should also be able to edit the badge entry.  I've been told that may not work in some cases, however.

I think it did not work for Yuri.

> If that doesn't work, we have a mechanism that allows you to grant edit rights to anyone else.  First have the other maintainers create an account on the CII badging project site (using GitHub or their own email address), and have them tell you their user id on the CII Best Practices site.  Then you go to:
> https://bestpractices.coreinfrastructure.org/en/projects/1273/edit#add
> itional_rights_changes
>
> You can click on "show details" for more information.   Here's the key text:
>> Just enter "+" followed by a comma-separated list of integer user ids. Those users will then also be allowed to edit this project entry. If you're the owner of the badge entry or a BadgeApp administrator, you can remove users from this list by entering "-" followed by a comma-separated list of integer user ids. We expect that normally only one person will edit a particular badge entry at a time. This application uses optimistic locking to prevent saving stale data if multiple users try to edit a badge entry simultaneously. If you have multiple editors, we recommend saving badge entry data incrementally and often (that is a wise practice anyway).
>
> I hope that helps!!

Thanks! I added "+3523016" to the field, which should be Yuri's ID on GitHub.

Yuri: could you check whether you can now edit the badge?

- Juca.


Re: How do we edit CII report for Jaeger?

Juraci Paixão Kröhling <jpkroehling@...>
 

On 2/14/19 9:19 PM, Wheeler, David A wrote:
You're using GitHub for version control (<https://github.com/jaegertracing/jaeger>;), so anyone who can directly edit that project should also be able to edit the badge entry. I've been told that may not work in some cases, however.
I think it did not work for Yuri.

If that doesn't work, we have a mechanism that allows you to grant edit rights to anyone else. First have the other maintainers create an account on the CII badging project site (using GitHub or their own email address), and have them tell you their user id on the CII Best Practices site. Then you go to:
https://bestpractices.coreinfrastructure.org/en/projects/1273/edit#additional_rights_changes
You can click on "show details" for more information. Here's the key text:
Just enter "+" followed by a comma-separated list of integer user ids. Those users will then also be allowed to edit this project entry. If you're the owner of the badge entry or a BadgeApp administrator, you can remove users from this list by entering "-" followed by a comma-separated list of integer user ids. We expect that normally only one person will edit a particular badge entry at a time. This application uses optimistic locking to prevent saving stale data if multiple users try to edit a badge entry simultaneously. If you have multiple editors, we recommend saving badge entry data incrementally and often (that is a wise practice anyway).
I hope that helps!!
Thanks! I added "+3523016" to the field, which should be Yuri's ID on GitHub.

Yuri: could you check whether you can now edit the badge?

- Juca.


Re: How do we edit CII report for Jaeger?

David A. Wheeler
 

Don't add the *GitHub* id, add the id on the *BadgeApp*. Yuri will need to sign up (create an account) on the BadgeApp first, https://bestpractices.coreinfrastructure.org

-----Original Message-----
From: Juraci Paixão Kröhling <jpkroehling@redhat.com>
Sent: Wednesday, February 20, 2019 8:02 AM
To: Yuri Shkuro <ys@uber.com>
Cc: Wheeler, David A <dwheeler@ida.org>; cii-badges-questions@lists.coreinfrastructure.org; Dossett, Jason N <jdossett@ida.org>
Subject: Re: [Cii-badges-questions] How do we edit CII report for Jaeger?

On 2/14/19 9:19 PM, Wheeler, David A wrote:
You're using GitHub for version control (<https://github.com/jaegertracing/jaeger>;), so anyone who can directly edit that project should also be able to edit the badge entry. I've been told that may not work in some cases, however.
I think it did not work for Yuri.

If that doesn't work, we have a mechanism that allows you to grant edit rights to anyone else. First have the other maintainers create an account on the CII badging project site (using GitHub or their own email address), and have them tell you their user id on the CII Best Practices site. Then you go to:
https://bestpractices.coreinfrastructure.org/en/projects/1273/edit#add
itional_rights_changes

You can click on "show details" for more information. Here's the key text:
Just enter "+" followed by a comma-separated list of integer user ids. Those users will then also be allowed to edit this project entry. If you're the owner of the badge entry or a BadgeApp administrator, you can remove users from this list by entering "-" followed by a comma-separated list of integer user ids. We expect that normally only one person will edit a particular badge entry at a time. This application uses optimistic locking to prevent saving stale data if multiple users try to edit a badge entry simultaneously. If you have multiple editors, we recommend saving badge entry data incrementally and often (that is a wise practice anyway).
I hope that helps!!
Thanks! I added "+3523016" to the field, which should be Yuri's ID on GitHub.

Yuri: could you check whether you can now edit the badge?

- Juca.


Re: How do we edit CII report for Jaeger?

David A. Wheeler
 

Juca: Absolutely!!

You're using GitHub for version control (<https://github.com/jaegertracing/jaeger>;), so anyone who can directly edit that project should also be able to edit the badge entry. I've been told that may not work in some cases, however.

If that doesn't work, we have a mechanism that allows you to grant edit rights to anyone else. First have the other maintainers create an account on the CII badging project site (using GitHub or their own email address), and have them tell you their user id on the CII Best Practices site. Then you go to:
https://bestpractices.coreinfrastructure.org/en/projects/1273/edit#additional_rights_changes

You can click on "show details" for more information. Here's the key text:
Just enter "+" followed by a comma-separated list of integer user ids. Those users will then also be allowed to edit this project entry. If you're the owner of the badge entry or a BadgeApp administrator, you can remove users from this list by entering "-" followed by a comma-separated list of integer user ids. We expect that normally only one person will edit a particular badge entry at a time. This application uses optimistic locking to prevent saving stale data if multiple users try to edit a badge entry simultaneously. If you have multiple editors, we recommend saving badge entry data incrementally and often (that is a wise practice anyway).
I hope that helps!!

--- David A. Wheeler

-----Original Message-----
From: Cii-badges-questions@lists.coreinfrastructure.org <Cii-badges-questions@lists.coreinfrastructure.org> On Behalf Of Juraci Paixão Kröhling
Sent: Wednesday, February 13, 2019 11:37 AM
To: cii-badges-questions@lists.coreinfrastructure.org
Cc: Yuri Shkuro <ys@uber.com>
Subject: Re: [Cii-badges-questions] How do we edit CII report for Jaeger?

Hey there,

I'm the "owner" of the Jaeger project in the CII badge program (project
#1273) and I'm trying to find a way to give permissions to other maintainers to fill out the forms, but can't find how. Would you be able to help us?

Best,
Juca.

On 2/13/19 4:15 PM, Yuri Shkuro wrote:
No I didn't see an edit button. It's not urgent. CNCF TOC is discussing whether higher rank badges are required for graduation.

On Feb 13, 2019, at 3:35 AM, Juraci Paixão Kröhling <jpkroehling@redhat.com> wrote:

I can't seem to be able to add more people to the project (!!), and I assume you don't see the "Edit" button on top, right? If you don't see it, I'll ask the owners of that application.

https://screenshots.firefox.com/vSZ4K0xzeMEHU5D2/bestpractices.corein
frastructure.org

I worked a bit in the report today but had to work on other things afterwards. There seems to be a lot of new questions there! If there's something "urgent" you want me to fill in, let me know.

- Juca.


On 2/12/19 8:16 PM, Yuri Shkuro wrote:
It comes readonly for me
image.png


Re: How do we edit CII report for Jaeger?

Juraci Paixão Kröhling <jpkroehling@...>
 

Hey there,

I'm the "owner" of the Jaeger project in the CII badge program (project #1273) and I'm trying to find a way to give permissions to other maintainers to fill out the forms, but can't find how. Would you be able to help us?

Best,
Juca.

On 2/13/19 4:15 PM, Yuri Shkuro wrote:
No I didn't see an edit button. It's not urgent. CNCF TOC is discussing whether higher rank badges are required for graduation.

On Feb 13, 2019, at 3:35 AM, Juraci Paixão Kröhling <jpkroehling@redhat.com> wrote:

I can't seem to be able to add more people to the project (!!), and I assume you don't see the "Edit" button on top, right? If you don't see it, I'll ask the owners of that application.

https://screenshots.firefox.com/vSZ4K0xzeMEHU5D2/bestpractices.coreinfrastructure.org

I worked a bit in the report today but had to work on other things afterwards. There seems to be a lot of new questions there! If there's something "urgent" you want me to fill in, let me know.

- Juca.


On 2/12/19 8:16 PM, Yuri Shkuro wrote:
It comes readonly for me
image.png


Re: "Passed" Badge not updated on CNCF Landscape

Dan Kohn <dan@...>
 

We're glad to have you on the landscape and with a badge.
--
Dan Kohn <dan@...>
Executive Director, Cloud Native Computing Foundation https://www.cncf.io
+1-415-233-1000 https://www.dankohn.com


On Mon, Dec 10, 2018 at 3:30 PM Lindsay Hill <LHILL@...> wrote:

Thanks! Quick fix is much appreciated. Have just had some users asking about this recently, so it’s good to be able to show it off. And good that people are specifically seeking out projects that featured here.

 

From: "Wheeler, David A" <dwheeler@...>
Date: Monday, December 10, 2018 at 11:04 AM
To: Dan Kohn <dan@...>
Cc: Dmitri Zimine <DZIMINE@...>, "cii-badges-questions@..." <cii-badges-questions@...>, Lindsay Hill <LHILL@...>
Subject: RE: "Passed" Badge not updated on CNCF Landscape

 

Awesome!  Dan, a big thanks to your team for fixing this so quickly.

 

--- David A. Wheeler

 

From: Dan Kohn <dan@...>
Sent: Monday, December 10, 2018 1:38 PM
To: Wheeler, David A <dwheeler@...>
Cc: DZIMINE@...; cii-badges-questions@...; LHILL@...
Subject: Re: "Passed" Badge not updated on CNCF Landscape

 

 

Thanks for reporting.

--

Dan Kohn <dan@...>

Executive Director, Cloud Native Computing Foundation https://www.cncf.io

+1-415-233-1000 https://www.dankohn.com

 

 

On Mon, Dec 10, 2018 at 11:19 AM Dan Kohn <dan@...> wrote:

Tracking the issue here: https://github.com/cncf/landscape/issues/1038

--

Dan Kohn <dan@...>

Executive Director, Cloud Native Computing Foundation https://www.cncf.io

+1-415-233-1000 https://www.dankohn.com

 

 

On Mon, Dec 10, 2018 at 10:26 AM Wheeler, David A <dwheeler@...> wrote:

Thanks so much for the compliment!

 

I can confirm that StackStorm shows a passing badge.  I think the CNCF landscape dashboard isn’t finding the badge for some reason.

 

Dan Kohn: Any idea what’s happening?

 

--- David A. Wheeler

 

 

From: Cii-badges-questions@... <Cii-badges-questions@...> On Behalf Of Dmitri Zimine
Sent: Friday, December 7, 2018 6:43 PM
To: cii-badges-questions@...
Cc: Lindsay Hill <LHILL@...>
Subject: [Cii-badges-questions] "Passed" Badge not updated on CNCF Landscape

 

Hi all,

 

First thanks for a great service; now could you please help rationalize one little problem:

 

StackStorm is part of CNCF Landscape. We went through the CII assessment and passed it (it's mature opensource project with history and strong community...)

https://bestpractices.coreinfrastructure.org/en/projects/1833

 

But in CNCF Landscape the badge still shows as "No CII best practices ".

https://landscape.cncf.io/selected=stack-storm

 

Do we need to do something extra? Or it's a bug?

 

Thanks for taking a look;

 

Dmitri

 

 


Re: "Passed" Badge not updated on CNCF Landscape

David A. Wheeler
 

Awesome!  Dan, a big thanks to your team for fixing this so quickly.

 

--- David A. Wheeler

 

From: Dan Kohn <dan@...>
Sent: Monday, December 10, 2018 1:38 PM
To: Wheeler, David A <dwheeler@...>
Cc: DZIMINE@...; cii-badges-questions@...; LHILL@...
Subject: Re: "Passed" Badge not updated on CNCF Landscape

 

 

Thanks for reporting.

--

Dan Kohn <dan@...>

Executive Director, Cloud Native Computing Foundation https://www.cncf.io

+1-415-233-1000 https://www.dankohn.com

 

 

On Mon, Dec 10, 2018 at 11:19 AM Dan Kohn <dan@...> wrote:

Tracking the issue here: https://github.com/cncf/landscape/issues/1038

--

Dan Kohn <dan@...>

Executive Director, Cloud Native Computing Foundation https://www.cncf.io

+1-415-233-1000 https://www.dankohn.com

 

 

On Mon, Dec 10, 2018 at 10:26 AM Wheeler, David A <dwheeler@...> wrote:

Thanks so much for the compliment!

 

I can confirm that StackStorm shows a passing badge.  I think the CNCF landscape dashboard isn’t finding the badge for some reason.

 

Dan Kohn: Any idea what’s happening?

 

--- David A. Wheeler

 

 

From: Cii-badges-questions@... <Cii-badges-questions@...> On Behalf Of Dmitri Zimine
Sent: Friday, December 7, 2018 6:43 PM
To: cii-badges-questions@...
Cc: Lindsay Hill <LHILL@...>
Subject: [Cii-badges-questions] "Passed" Badge not updated on CNCF Landscape

 

Hi all,

 

First thanks for a great service; now could you please help rationalize one little problem:

 

StackStorm is part of CNCF Landscape. We went through the CII assessment and passed it (it's mature opensource project with history and strong community...)

https://bestpractices.coreinfrastructure.org/en/projects/1833

 

But in CNCF Landscape the badge still shows as "No CII best practices ".

https://landscape.cncf.io/selected=stack-storm

 

Do we need to do something extra? Or it's a bug?

 

Thanks for taking a look;

 

Dmitri

 

 


Re: "Passed" Badge not updated on CNCF Landscape

Dan Kohn <dan@...>
 

On Mon, Dec 10, 2018 at 11:19 AM Dan Kohn <dan@...> wrote:
Tracking the issue here: https://github.com/cncf/landscape/issues/1038
--
Dan Kohn <dan@...>
Executive Director, Cloud Native Computing Foundation https://www.cncf.io
+1-415-233-1000 https://www.dankohn.com


On Mon, Dec 10, 2018 at 10:26 AM Wheeler, David A <dwheeler@...> wrote:

Thanks so much for the compliment!

 

I can confirm that StackStorm shows a passing badge.  I think the CNCF landscape dashboard isn’t finding the badge for some reason.

 

Dan Kohn: Any idea what’s happening?

 

--- David A. Wheeler

 

 

From: Cii-badges-questions@... <Cii-badges-questions@...> On Behalf Of Dmitri Zimine
Sent: Friday, December 7, 2018 6:43 PM
To: cii-badges-questions@...
Cc: Lindsay Hill <LHILL@...>
Subject: [Cii-badges-questions] "Passed" Badge not updated on CNCF Landscape

 

Hi all,

 

First thanks for a great service; now could you please help rationalize one little problem:

 

StackStorm is part of CNCF Landscape. We went through the CII assessment and passed it (it's mature opensource project with history and strong community...)

https://bestpractices.coreinfrastructure.org/en/projects/1833

 

But in CNCF Landscape the badge still shows as "No CII best practices ".

https://landscape.cncf.io/selected=stack-storm

 

Do we need to do something extra? Or it's a bug?

 

Thanks for taking a look;

 

Dmitri

 

 


Re: "Passed" Badge not updated on CNCF Landscape

Dan Kohn <dan@...>
 

Tracking the issue here: https://github.com/cncf/landscape/issues/1038
--
Dan Kohn <dan@...>
Executive Director, Cloud Native Computing Foundation https://www.cncf.io
+1-415-233-1000 https://www.dankohn.com


On Mon, Dec 10, 2018 at 10:26 AM Wheeler, David A <dwheeler@...> wrote:

Thanks so much for the compliment!

 

I can confirm that StackStorm shows a passing badge.  I think the CNCF landscape dashboard isn’t finding the badge for some reason.

 

Dan Kohn: Any idea what’s happening?

 

--- David A. Wheeler

 

 

From: Cii-badges-questions@... <Cii-badges-questions@...> On Behalf Of Dmitri Zimine
Sent: Friday, December 7, 2018 6:43 PM
To: cii-badges-questions@...
Cc: Lindsay Hill <LHILL@...>
Subject: [Cii-badges-questions] "Passed" Badge not updated on CNCF Landscape

 

Hi all,

 

First thanks for a great service; now could you please help rationalize one little problem:

 

StackStorm is part of CNCF Landscape. We went through the CII assessment and passed it (it's mature opensource project with history and strong community...)

https://bestpractices.coreinfrastructure.org/en/projects/1833

 

But in CNCF Landscape the badge still shows as "No CII best practices ".

https://landscape.cncf.io/selected=stack-storm

 

Do we need to do something extra? Or it's a bug?

 

Thanks for taking a look;

 

Dmitri

 

 


Re: "Passed" Badge not updated on CNCF Landscape

David A. Wheeler
 

Thanks so much for the compliment!

 

I can confirm that StackStorm shows a passing badge.  I think the CNCF landscape dashboard isn’t finding the badge for some reason.

 

Dan Kohn: Any idea what’s happening?

 

--- David A. Wheeler

 

 

From: Cii-badges-questions@... <Cii-badges-questions@...> On Behalf Of Dmitri Zimine
Sent: Friday, December 7, 2018 6:43 PM
To: cii-badges-questions@...
Cc: Lindsay Hill <LHILL@...>
Subject: [Cii-badges-questions] "Passed" Badge not updated on CNCF Landscape

 

Hi all,

 

First thanks for a great service; now could you please help rationalize one little problem:

 

StackStorm is part of CNCF Landscape. We went through the CII assessment and passed it (it's mature opensource project with history and strong community...)

https://bestpractices.coreinfrastructure.org/en/projects/1833

 

But in CNCF Landscape the badge still shows as "No CII best practices ".

https://landscape.cncf.io/selected=stack-storm

 

Do we need to do something extra? Or it's a bug?

 

Thanks for taking a look;

 

Dmitri

 

 


"Passed" Badge not updated on CNCF Landscape

Dmitri Zimine <DZIMINE@...>
 

Hi all,

 

First thanks for a great service; now could you please help rationalize one little problem:

 

StackStorm is part of CNCF Landscape. We went through the CII assessment and passed it (it's mature opensource project with history and strong community...)

https://bestpractices.coreinfrastructure.org/en/projects/1833

 

But in CNCF Landscape the badge still shows as "No CII best practices ".

https://landscape.cncf.io/selected=stack-storm

 

Do we need to do something extra? Or it's a bug?

 

Thanks for taking a look;

 

Dmitri

 

 


Re: Changing badge owner?

David A. Wheeler
 

Yes indeed.  It’s a manual process, because it happens rarely (at most a few times a year).

 

Tell us what project # you want to take over.  We’ll email both you & the original project owner.  If all seems okay, we switch.

 

--- David A. Wheeler

 

From: Cii-badges-questions@... [mailto:Cii-badges-questions@...] On Behalf Of Justin Cappos
Sent: Friday, October 12, 2018 5:51 PM
To: cii-badges-questions@...
Subject: [Cii-badges-questions] Changing badge owner?

 

Is there a way to change a badge's owner?  (I was planning to take ownership of the TUF project's badge.)

 

I looked several places but couldn't see how to do this on the site.

 

Thanks!

Justin


Changing badge owner?

Justin Cappos <jcappos@...>
 

Is there a way to change a badge's owner?  (I was planning to take ownership of the TUF project's badge.)

I looked several places but couldn't see how to do this on the site.

Thanks!
Justin


Re: Test

David A. Wheeler
 

Marcus:
Test of non-member posting
It worked!

--- David A. Wheeler

1 - 20 of 26