adding clarification about IP rights (#5793)
* adding clarification about IP rights
  thanks to scott, chris, amye and rey for assistance
* typo
  thanks to scott, chris, amye and rey for assistance - and fixed typos
* fixed spelling error
  thanks automated spell check!
* Update sig-security/security-audit-2021/RFP.md
  Co-authored-by: Rey Lejano <52760880+reylejano@users.noreply.github.com>
* Update sig-security/security-audit-2021/RFP.md
  Co-authored-by: Rey Lejano <52760880+reylejano@users.noreply.github.com>
* clarify code license
  replace "used" with "released"
  Co-authored-by: Rey Lejano <52760880+reylejano@users.noreply.github.com>
parent 36e62d5c8c
commit c232cd405e
@ -127,3 +127,12 @@ The audit should result in the following deliverables, which will be made public
### Do we need to use our own hardware and infrastructure or should we use a cloud?
Strong preference would be for the vendor to provide their own infrastructure or use a public cloud provider, just NOT a managed offering like GKE or EKS. The reasoning is to prevent accidentally auditing a cloud provider's kubernetes service instead of kubernetes/kubernetes. Depending on the scope and approach, it may make sense to use a local cluster (e.g. kind) for API fuzzing and anything that doesn't impact the underlying OS, and is an easy to use repeatable setup (see Methodology above).
### What is the intellectual property ownership of the report and all work product?
The report must be licensed under the Creative Commons Attribution 4.0 International Public License (CC BY 4.0) based on [section 11.(f) of the Cloud Native Computing Foundation (CNCF) Charter](https://github.com/cncf/foundation/blob/master/charter.md#11-ip-policy).
Separately, any code released with or as part of the report needs to be under the Apache License, version 2.0. Please refer to [sections 11.(e) and (d) in the CNCF Charter](https://github.com/cncf/foundation/blob/master/charter.md#11-ip-policy).
### Must I use the report format from the previous audit? Can the SIG provide a report format template I can use?
Vendors who wish to use either the previous report format, as allowed by CC BY 4.0, or a report format provided by the community may do so as long as it is also available under CC BY 4.0. Vendors who wish to publish 2 versions of the report, one tailored for the community under CC BY 4.0 and one that they host on their own site using their proprietary fonts, formats, branding, or other copyrights, under their own license may do so, in order to differentiate their commercial report format from this report. Vendors may also publish a synopsis and marketing materials regarding the report on their website as long as it links to the original report in this repository. In the community report, vendors can place links in the report to materials hosted on their commercial site. This does not imply that linked materials are themselves CC BY 4.0.
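Review bot: the "two versions" paragraph in the last FAQ answer permits a vendor-hosted copy under the vendor's own license but never states that its findings must match the CC BY 4.0 community report, so a reader cannot tell which version is authoritative if they diverge; add a sentence such as "The technical content and findings of both versions must be identical; the report in this repository is the version of record." Minor points in the same hunk: write "two versions" rather than "2 versions", cite the Charter sections in order as "sections 11.(d) and (e)" in the code-license paragraph, and capitalize "Kubernetes" in the infrastructure answer.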