This is great news! We'll start working on all the steps shortly

@thomastaylor312: One thing that would be a big help is an OWNERS file, I don't see anything in https://github.com/deislabs/krustlet

Yeah, I'll take care of that first

Please ping me when this project moves to a separate GitHub org.

Devstats instance created.

Here is a PR to add a code owners file to the repo - krustlet/krustlet#643

It is using the CODEOWNERS format, as defined by GitHub - https://help.github.com/en/articles/about-code-owners, let us know if the format is ok, or if we need to change it to an OWNERS file.

For the license scanning tool, is there a free for open source version of one of those tools or a license the CNCF can give us access to?

I think we'll go ahead and use fossa. I assume it will be easier to set up once we move over to a neutral org (which we have, but are tying up a few loose ends before we do)

Just contacted our legal team for signing the logo transfer agreement. If needed, is there someone from the CNCF I should pull in?

@thomastaylor312: You can start with me and I'll help route it to the correct place.

@thomastaylor312: checking back in here, artwork is the big next step.
Thanks!

Yep, things are in motion on our legal side, the agreements will be sent out soon. Then next week I am planning on moving the repos and setting up all the bots

Trademark agreement has been signed, so that can be checked off. I'll add the logos to the artwork repo

Ok, I have most of the logos added but I am waiting on opening a PR because we are missing a few variations/types of the logo. Some people are out on vacation, so it won't be until Monday-ish next week

Added LF and Chris to the new GH org we'll be moving the repo to

The repo has been migrated to its new home: https://github.com/krustlet/krustlet

DCO is enabled in the new org

At this rate, you'll be done by the end of the week! Marking off GH owners, DCO and neutral GH repo

I think we are ready to enable the synk license scanner whenever that is ready!

Quick question here as well: We just finished adding some Rust specific license checks. Everything looks good, but there is one transitive dependency with a BSD-2 Clause license. Are there any problems with that for a CNCF project?

Ok, there was one more license I missed here. We have a transitive dependency on a crate called webpki-roots that has an MPL-2.0 license. It looks like from the FAQ all we might need is a NOTICE file pointing them to the original source. Is this something to open a service desk ticket for?

Done! Thank you!

@thomastaylor312: Checking back in here, anything else that can be checked off?

These things are done

• Website: ensure LF footer is there and website guidelines followed
• I thought this was done, let me know if it isn't: Website: Analytics transferred to amye@linuxfoundation.org
• Everything under the first section except for adding to the landscape

We are waiting on these:

• Domain: transfer domain to the CNCF - please send a transfer code to project-onboarding@cncf.io We sent the transfer code a while ago and never got confirmation if the domain was transferred
• Adopt a license scanning tool, like FOSSA or Snyk: We were told to wait and we'd get something for snyk. FWIW, we have a Rust specific license tool that already scans everything. If that counts, we can check it off

Marking those off!
Re: domain - which domain should I be looking for? You can also use this: https://jira.linuxfoundation.org/plugins/servlet/theme/portal/2/create/63 - put it under CNCF
@idvoretskyi to weigh in on license scanning:

We sent the transfer code for krustlet.dev to the project-onboarding email

We sent the transfer code for krustlet.dev to the project-onboarding email

You are right! We are all set here! Marking that off.

CII badge has been added and has an open PR to add to the readme: krustlet/krustlet#685

Also, the part about the LF footer on the webpage should be checked off as that has been added

And PR to add to the landscape: cncf/landscape#2301

@thomastaylor312 - so very close! We'd like to get all project onboarding closed out by December 15th. Thanks!

@amye We are still waiting on an answer about the license scanner. We have something in place that is built for Rust, but I don't know if it is "blessed"

@flynnduism do you have access to the website analytics so we can pass those on?

@thomastaylor312 re: license scanner, let me check with the Snyk team on their Rust support status now (it was in the early stage a few months ago). Alternatively, you may consider FOSSA - https://docs.fossa.com/docs/rust, but Rust is in Alpha there still.

Can you share the details of your license scanner as well, please? FOSSA and Snyk are the preferred tools for us, but we are fine with granting an exception.

@idvoretskyi cargo deny is used across the ecosystem and we have all the stuff in place to check for license scanning already: https://embarkstudios.github.io/cargo-deny/checks/licenses/index.html

@thomastaylor312 great, thanks. Can I see a sample report of it, please?

I've just got a confirmation from Snyk that Rust support is not ready yet (ETA - H1'2022), so either your tool or FOSSA can be a good solution in your case.

@flynnduism do you have access to the website analytics so we can pass those on?

Yes I will go do that

@idvoretskyi Here is the latest report: https://github.com/krustlet/krustlet/runs/4255117884?check_suite_focus=true

You'll notice the failure from one of the MPL-2.0 licensed things we have that we have an open issue for to get an exception from the CNCF.

You can see what we are checking for here: https://github.com/krustlet/krustlet/blob/main/deny.toml#L7-L61

Sounds good, thanks @thomastaylor312!

I’ll let @caniszczyk comment, but I don’t see an issue here.

@idvoretskyi Here is the latest report: https://github.com/krustlet/krustlet/runs/4255117884?check_suite_focus=true

You'll notice the failure from one of the MPL-2.0 licensed things we have that we have an open issue for to get an exception from the CNCF.

You can see what we are checking for here: https://github.com/krustlet/krustlet/blob/main/deny.toml#L7-L61

Ok, if we need a license exception here, https://github.com/cncf/foundation/issues is the correct place for this. If there already is an issue created, that's fabulous, I'm just not seeing one.
(Just catching back up on these.)

@amye Right here! cncf/foundation#172

aha! I knew I was missing it, I was lookjng for 'krustlet'.

@jeefy - when you get a chance, can I have you check on the license scanning tool? Either Krustlet's or FOSSA will work.

Marking as closed, we can help transfer FOSSA through Servicedesk