Skip to content

Clarify GTR security questions to focus on Cloud Native Security Tenets#2027

Merged
brandtkeller merged 1 commit intocncf:mainfrom
RainbowMango:pr_clarify_gtr
Apr 25, 2026
Merged

Clarify GTR security questions to focus on Cloud Native Security Tenets#2027
brandtkeller merged 1 commit intocncf:mainfrom
RainbowMango:pr_clarify_gtr

Conversation

@RainbowMango
Copy link
Copy Markdown
Contributor

@RainbowMango RainbowMango commented Jan 27, 2026

This PR removes the redundant cloud native principles question from the Security section of General Technical Review questions. Based on PR #1441 discussions here, the question referencing cloud native principles was intended to specifically address the Cloud Native Security Tenets (the linked Cloud Native 8 document), not generic principles.

Fixes #1673

@RainbowMango RainbowMango requested review from a team as code owners January 27, 2026 12:14
Copilot AI review requested due to automatic review settings January 27, 2026 12:14
Copilot AI reviewed Jan 27, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR clarifies the General Technical Review (GTR) security questions so they explicitly reference the Cloud Native Security Tenets, and removes an ambiguous “cloud native principles” question.

Changes:

  • Update the Cloud Native Security Tenets link to the current path under the TAG Security repository.
  • Remove the redundant/ambiguous question about “cloud native principles,” keeping only the focused question on how projects satisfy the Cloud Native Security Tenets.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@RainbowMango RainbowMango mentioned this pull request Jan 27, 2026
Closed
@RainbowMango
Copy link
Copy Markdown
Contributor Author

RainbowMango commented Jan 27, 2026

@angellk @kevin-wangzefeng Could you please take a look?

kevin-wangzefeng
kevin-wangzefeng approved these changes Feb 1, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@kevin-wangzefeng kevin-wangzefeng left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks

@joshgav joshgav added the review/tech Project Tech Review label Feb 3, 2026
@joshgav joshgav moved this from New to Active Review & Discussion in CNCF TOC Board Feb 3, 2026
@github-actions github-actions Bot added needs-triage Indicates an issue or PR that has not been triaged yet (has a 'triage/foo' label applied) needs-kind Indicates an issue or PR that is missing an issue type or kind (a kind/foo label) labels Apr 22, 2026
@github-actions github-actions Bot added the needs-group Indicates an issue or PR that has not been assigned a group (toc or tag/foo label applied) label Apr 22, 2026
@github-project-automation github-project-automation Bot moved this to New - Pending Review in Project Reviews Apr 22, 2026
brandtkeller
brandtkeller requested changes Apr 24, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@brandtkeller brandtkeller left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Minor adjustment for accuracy

Comment thread .archive/resources/toc-supporting-guides/general-technical-questions.md Outdated
angellk
angellk approved these changes Apr 24, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@angellk angellk left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@RainbowMango
Copy link
Copy Markdown
Contributor Author

RainbowMango commented Apr 25, 2026

@brandtkeller, your suggestion has been accepted. Could you please give it another look and approval if no further comments? So we can move this forward then.

@brandtkeller
Copy link
Copy Markdown
Member

brandtkeller commented Apr 25, 2026

I don't have any issue with accepting these changes - but I do want to acknowledge that this is updating the version under the '.archive' directory and not the actively linked version under 'toc_subprojects'.

If that is the intent I can merge this as is.

@RainbowMango
Copy link
Copy Markdown
Contributor Author

RainbowMango commented Apr 25, 2026

@brandtkeller

Thanks for pointing that out! When I originally submitted this PR, the actively linked version under toc_subprojects didn't exist yet — it was introduced after my PR was created.

I've now checked the current version under toc_subprojects/project-reviews-subproject/general-technical-questions.md and found that the same issue exists there as well (the "Cloud Native Security Tenets" link, while currently resolving under the tag-security repo path, should be updated to point to the contribute-site repo to stay consistent with the ongoing migration).

I think I can update this PR to apply the fix to both locations. What do you think?

@brandtkeller
Copy link
Copy Markdown
Member

brandtkeller commented Apr 25, 2026

@RainbowMango that would be great if you don't mind.

@RainbowMango @brandtkeller
clarify GTR questions regarding security principles
55c2ec8 
Signed-off-by: RainbowMango <qdurenhongcai@gmail.com>
Co-authored-by: Brandt Keller <43887158+brandtkeller@users.noreply.github.com>
@RainbowMango RainbowMango requested a review from a team as a code owner April 25, 2026 03:46
@RainbowMango
Copy link
Copy Markdown
Contributor Author

RainbowMango commented Apr 25, 2026

Done.
Tidied the commits and added you as the co-author. @brandtkeller

@brandtkeller brandtkeller merged commit 1ef5889 into cncf:main Apr 25, 2026
1 check passed
@github-project-automation github-project-automation Bot moved this from Active Review & Discussion to Done in CNCF TOC Board Apr 25, 2026
@github-project-automation github-project-automation Bot moved this from New - Pending Review to Done in Project Reviews Apr 25, 2026
@zhzhuang-zju zhzhuang-zju mentioned this pull request Apr 30, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@angellk angellk angellk approved these changes

@jeefy jeefy jeefy approved these changes

@kevin-wangzefeng kevin-wangzefeng kevin-wangzefeng approved these changes

@brandtkeller brandtkeller brandtkeller approved these changes

Assignees

No one assigned

Labels

needs-group Indicates an issue or PR that has not been assigned a group (toc or tag/foo label applied) needs-kind Indicates an issue or PR that is missing an issue type or kind (a kind/foo label) needs-triage Indicates an issue or PR that has not been triaged yet (has a 'triage/foo' label applied) review/tech Project Tech Review

Projects

CNCF TOC Board
Status: Done
Project Reviews
Status: Done
TAG Developer Experience
Status: No status
TAG Infrastructure
Status: No status
TAG Operational Resilience
Status: No status
TAG Security and Compliance
Status: No status
TAG Workloads Foundation
Status: No status

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

GTR cloud native principles question

7 participants

@RainbowMango @brandtkeller @angellk @jeefy @kevin-wangzefeng @joshgav