osquery / foundation
osquery Foundation Charter, Legal, and Process Documents
Home Page: http://osquery.io
License: Other
We run https://osquery-slack.herokuapp.com/ for slack onboarding. Anyone have access to that? @theopolis
Relates to: #4
There is already an osquery docker hub organization (https://hub.docker.com/u/osquery). Anyone have access?
Relates to: #4
It's come up several times that @mike-myers-tob would be a great person to give more osquery permissions to. Most recently, in office hours. He'd love to help triage, and there's a general feeling that he'd be great at it.
As we don't have the "triage" role in our organization (see #19) I propose we:
Barring objections I'm going to do this in a couple of days. Feel free to thumbs up/down or ping me privately with concerns.
osquery's DNS is still in a facebook cloud somewhere. We should move that to gsuite.
In office hours today, @muffins mentioned that he's been speaking with Ryan (@ryantimwilson) and, as Ryan hasn't been much involved with the osquery community, it makes sense to hand off any kind of TSC duties from Ryan to Nick.
For reference, the TSC is currently:
I think this raises several questions, which we don't have to formally answer:
In discussing hosting with Fastly (#75), they ask if we can list them as a sponsor. This seems fine to me, and seems supported by folks on Slack, but raises the question of where? We do not currently have a sponsors page on our website.
List of sponsors I can think of:
Possible places to list sponsors:
README.md
Right now, I'm favoring the readme, and the footer. Curious if others have opinions.
Some running notes about some administrative infra we probably need:
We'll want to sign things as the foundation, which requires an Apple developer account. Which, as an organization, requires a DUNS number.
We should figure out what our new copyright block should be.
I searched for "copyright" in several linux foundation projects. Some results
Our package downloads are currently running around 70TB/month. And this is growing. This is fairly expensive to me, personally, so I've been slowly trying to find a better answer.
2.8 Limitation on Serving Non-HTML Content
Some discussion about what kind of process we want for merging PRs.
Some things I've heard:
My personal bias is to CODEOWNERS for subject matter experts
When I was initially chosen to be on the TSC I was a very active member of the osquery community. Unfortunately in the last couple years I have been quite absent. There are now new contributors who are actively involved and having the kind of impact on the project that a TSC member should. Therefore I propose to resign and make room for someone new.
I propose we require squash commits for osquery.
My interest comes from working in large monorepos, and allowing people to iterate with a lot of little commits. These days, GitHub has toggles for this. We currently allow rebase and squash. I propose we only allow squash.
Please vote, thumbs up or thumbs down. Or discuss if there's something substantial
For the last many years, osquery has been signed by Facebook's Apple account. As the osquery foundation now has its own Apple account, we will soon be transitioning to using osquery's account to sign.
It is unclear whether this will have an adverse impact on anyone in the macadmins community. This ticket is meant as a place to solicit feedback. Especially if someone anticipates this as a problem, or has a suggestion.

| | Old | New |
|---|---|---|
| Team ID | B89LNTUADM | 3522FA9PXF |
A couple times recently we've talked about transferring https://github.com/kolide/osquery-go from Kolide to the foundation. Having now talked to a handful of people, I believe that this is desired by all parties, and feasible.
As it stands, the osquery-go project is covered by an MIT license, and its minimal CLA does not cover re-licensing. Our charter requires that all inbound works conform to our usual license, but allows the TSC to accept other things on an exception basis.
This presents us with 3 options:
I think we should pursue (3). Things that need to happen:
I am working on (2) and (3). Can the rest of the TSC (@zwass, @theopolis, @muffins, @groob, @alessandrogario) weigh in? By our charter, electronic voting requires consensus, else majority in a meeting.
We should figure out what the state of slack is. I believe it's currently owned/paid for by Facebook. We should understand what it costs, and what we want to do with it going forward. https://get.slack.help/hc/en-us/articles/204368833-Slack-for-Nonprofits may be an option.
Relates to: #4
At least a couple of times, I've been pinged by users for the CLA before they sign it. At least right now, I can't figure out how to do that in EasyCLA. (this is a tracking issue)
One issue seems to be that the admin interface has a "download as PDF" button, but it directs to https://project.lfcla.com/null which doesn't render. There's a lot of javascript around there; I can't really tell what's going on. I suspect this is communitybridge/easycla#278
Another issue is that there's no obvious way for users to discover what's going on. I don't see anything a user could click on before opening a PR. I don't see anything in the status messages. Nor do I see it in the EasyCLA interface. Perhaps there's a link, I'd love to know. I suspect this is communitybridge/easycla#265
How is readthedocs managed. @zwass you said you maybe talked to @theopolis about it?
I hope it is not bad form for me to nominate myself like this, but as we discussed at this week's office hours, I wouldn't mind having the right to approve PRs in osquery/osquery as a way to add a reviewer.
Recently I have tested and reviewed PRs from our contributors that still waited a month or several months because no other reviewers with C++ and Windows experience were available to approve. I just want to help with that.
Big open source projects run surveys to find out who the users are and some of their needs.
Now that the handover to the osquery foundation is settling down, it might be a good idea to run a survey targeting our users.
AFAIK, TrailOfBits are the only ones who have done any kind of research like that, but it was private/targeting their customers.
Leave your thoughts below and I'll edit the issue over time.
@sharvilshah has been contributing to osquery since 2015 and is a go-to expert on macOS development and packaging, along with general osquery development. Notable recent contributions include the development of the new Endpoint Security tables, and support with the M1 port. With his new position at Fleet he will now be focusing full-time on osquery development.
In recognition of Sharvil's efforts, along with a desire to bring more regular contributors into the TSC, I propose electing Sharvil to TSC membership.
From the Charter:
Decisions made by electronic vote without a meeting require a majority vote of all voting members of the TSC.
I propose that we vote, via this issue, to elect Sharvil Shah to the position of TSC member. All TSC members in favor, please comment in the affirmative.
If we don't reach a majority of TSC members via electronic voting, I will bring up the matter at the next TSC meeting in which we have a quorum (50% of TSC members).
Today in CONTRIBUTING:
https://github.com/osquery/osquery/blob/experimental/CONTRIBUTING.md#contributor-license-agreement
You must submit a Facebook Contributor License Agreement (CLA) before we can accept any of your pull requests. You only need to submit one CLA for any of Facebook's open source projects.
You can complete your CLA at https://code.facebook.com/cla.
Does the osquery foundation have its own CLA? What is it?
osquery has had aarch64 support (osquery/osquery#6612) for a bit (huge shoutouts to the contributors on that). The big sticking point in declaring it stable is adding it to CI.
Our last CI was Azure Pipelines, our current CI is GitHub Actions. Unfortunately, neither of these host aarch64 runners. But, they both distribute runners for that platform so you can run your own... (GitHub actions is a fork of Azure Pipelines, so it's unsurprising they look similar)
A short link dump, and discussion, about possible solutions
Envoy uses an AWS autoscaling group to manage workers. These workers have some tooling to run a single job, and then detach themselves. This feels very clean, in that it uses a simple AWS tool to handle availability.
References:
We could host runners as pods in a Kubernetes cluster. This is appealing in its simplicity, at least once you accept Kubernetes.
I think this has some potential drawbacks around security. I don't think pods are as isolated as we might like them to be.
There's also a drawback in that we have to bring in kubernetes. I have some experience there (Kolide runs several clusters) but it would be new to the osquery project
References:
Philips uses a pile of terraform to create lambdas that manage spinning up and down spot instances as workers. This looks pretty well formed, and has some discussion of security. I think it trades the complexity of the Auto Scaling Group for a lambda function.
While I think this is a strong contender, I think it will be simpler for us to use auto scaling groups.
References:
There may be some CI vendors that have native support for aarch64. Amazon's various offerings, travis-ci.
However, moving CI has significant complexity cost to us. We are currently primarily invested in GitHub.
However, if Amazon CodeBuild works well enough, it might be okay to maintain both? Worth at least a little experimenting
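The Auto Scaling Group pattern described in this issue, as an added example that is not osquery's, Envoy's or any project's code: an EC2 user-data script that registers one ephemeral aarch64 GitHub Actions runner, serves a single job, then removes the instance from its group so the ASG launches a clean replacement. The repository slug, ASG name, Secrets Manager id, runner directory and runner user are assumed placeholders, not real osquery infrastructure; the runner's `--ephemeral` flag and the GitHub registration-token endpoint are real features of the Actions runner and API.

```shell
#!/bin/sh
# Added example, not osquery's or Envoy's code: EC2 user-data for a one-shot
# aarch64 GitHub Actions runner. It registers as an ephemeral runner, serves
# exactly one job, then terminates itself through the Auto Scaling Group so a
# fresh instance takes its place. REPO, ASG_NAME, PAT_SECRET, RUNNER_DIR and
# RUNNER_USER are assumed placeholders, not real osquery infrastructure.
set -eu

REPO="${REPO:-osquery/osquery}"
ASG_NAME="${ASG_NAME:-osquery-aarch64-ci}"
PAT_SECRET="${PAT_SECRET:-osquery/ci-runner-pat}"   # Secrets Manager id (assumed)
RUNNER_DIR="${RUNNER_DIR:-/opt/actions-runner}"    # unpacked runner tarball
RUNNER_USER="${RUNNER_USER:-runner}"               # jobs never run as root

# IMDSv2: obtain a session token, then read metadata with it.
imds() {
  tok=$(curl -sf -X PUT http://169.254.169.254/latest/api/token \
          -H 'X-aws-ec2-metadata-token-ttl-seconds: 60')
  curl -sf -H "X-aws-ec2-metadata-token: $tok" \
    "http://169.254.169.254/latest/meta-data/$1"
}

# Runner name from instance id and architecture, so a job log names the
# instance that ran it.
runner_name() { printf '%s-%s' "$1" "$2"; }

# Labels a workflow selects on with: runs-on: [self-hosted, linux, aarch64]
runner_labels() { printf 'self-hosted,linux,%s,ephemeral' "$1"; }

# Short-lived registration token minted with the PAT. The PAT stays in this
# process; only the one-hour registration token is handed to config.sh.
registration_token() {
  pat=$(aws secretsmanager get-secret-value --secret-id "$PAT_SECRET" \
          --query SecretString --output text)
  curl -sf -X POST \
    -H "Authorization: Bearer $pat" \
    -H 'Accept: application/vnd.github+json' \
    "https://api.github.com/repos/$REPO/actions/runners/registration-token" \
    | sed -n 's/.*"token": *"\([^"]*\)".*/\1/p'
}

bootstrap() {
  iid=$(imds instance-id)
  arch=$(uname -m)            # "aarch64" on Graviton instances
  cd "$RUNNER_DIR"
  # --ephemeral: the runner deregisters after one job, so a later job never
  # sees files, caches or credentials left behind by an earlier one.
  runuser -u "$RUNNER_USER" -- ./config.sh --unattended --ephemeral \
    --url "https://github.com/$REPO" \
    --token "$(registration_token)" \
    --name "$(runner_name "$iid" "$arch")" \
    --labels "$(runner_labels "$arch")"
  runuser -u "$RUNNER_USER" -- ./run.sh     # returns once the single job ends
  # Terminate through the ASG without decrementing desired capacity: the group
  # launches a clean replacement and this instance is never reused. (Equivalent
  # to detaching the instance and then terminating it.)
  aws autoscaling terminate-instance-in-auto-scaling-group \
    --instance-id "$iid" --no-should-decrement-desired-capacity
}

# Start only when launched as user-data with RUNNER_BOOTSTRAP=1; sourcing the
# file otherwise just defines the functions above.
if [ "${RUNNER_BOOTSTRAP:-0}" = "1" ]; then
  bootstrap
fi
```

The instance role needs only `secretsmanager:GetSecretValue` on the one secret and `autoscaling:TerminateInstanceInAutoScalingGroup` on the one group; anything broader is reachable by whatever the job runs. That is the caveat with self-hosted runners on a public repository: GitHub itself warns that workflows triggered from fork pull requests can execute arbitrary code on the runner, so the fresh-instance-per-job design above limits persistence but not what a malicious job can do with the instance's credentials while it runs. Gating fork PR workflows on approval, or serving only trusted branches from these runners, is the corresponding control.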
There's an osquery keybase user. I believe they predate the osquery teams.
Any one have access? What should we do with that?
Relates to: #4
@marcosd4h has increasingly been doing more osquery work. He's really stepped up to reviewing Windows related PRs and contributing to the project. I propose we make him a contributor.
I do not believe we have formal policy for this process. I'm going to see if we get approval from a handful of core members, and give folks a chance to raise objections. (If you're not comfortable speaking publicly, feel free to find me on slack or email)
I noticed that we're on a legacy GitHub Bronze billing plan, currently covered by Facebook.
My read on the current plans, is that this primarily gets us private repos, which we don't have. It might also enable some things around team discussions. It probably does not include beta features like Triage
I propose we confirm with support that moving to Team for open source isn't going to lose us anything, and then work with github to convert us.
As this is a billing change, I want to poll the TSC folks, @theopolis in particular, for his Facebook background.
We have a 1Password team! (thanks @theopolis). 1Password will do free teams for OSS projects (for the price of named use). Their instructions are at https://github.com/1Password/1password-teams-open-source
I think it's reasonable to add ourselves to that. 👍 / 👎 ? (I'll do that work if we have consensus)
https://scan.coverity.com/projects/osquery exists. We should figure out how to claim it
Relates to: #4
Apparently we have some people interested in running ads on readthedocs, and they reached out to work out a revenue share with us. This means we need a way to take in revenue.
It sounds like the Linux Foundation recommends funding.communitybridge.org here, we've started setting that up
In 2019-09-17 office hours we talked a little about whether we should be shipping packs. In office hours, there's a strong bias to drop them. We don't really vet or maintain them.
But chatting on macadmins, I hear strong interest. Summarizing some things:
shipping packs is batteries included
Osquery at a previous org would not have been successful without the packs. They were the launchpad for ideas and helped show what osquery was capable of. It was a firehose that we had to tune, but it wasn't too hard to determine what the outliers in the data were. There's probably a bit too much overlap in the packs for people just looking at it, and that could be overwhelming for beginners.
There’s very little documentation around why some of the queries work and what false positives they have. An example of a confusing osquery issue is the joining on userid. Nobody is gonna know why that’s important or even there since it’s documented in a GitHub issue.
An example of a good query is the reverse shell query it has a ton of info online about false positives and why it works but that’s not gonna help someone who is just starting with osquery and is scared 😱 they are owned.
the first is that “onboarding” is very important for any open source project
the “default packs” that ship with the project should be “model” packs—they should teach the end user of osquery (security team) what “good queries” look like.
i think people don’t even realize this is a problem that needs to be solved. Newcomers assuming the packs have high value and conflating osquery with the “maintained” packs
The framing between query sharing, and packs isn't clear to everyone. These may be different, or the same.
Relates to:
The osquery downloads are part of facebook's cloud. We should think about them, and move them. This dovetails with the various CI/CD efforts in osquery
We should find/secure access to the twitter account.
Relates to: #4
Right now, @zwass and I are the only active Go maintainers. This does not feel stable. I propose we add more.
I have created a team go-maitainers
as ground work, and I'd propose we add:
I'm also open to other members of the broader community.
Mike has left Trail of Bits and no longer uses the old account. This has been validated in osquery office hours by discussing with Mike on video.
In office hours today, we discussed that we've started using https://github.com/osquery/osquery/security to track things. As such, we should backfill that with content from SECURITY.md
I think it's reasonable to add Sharvil as an Apple Developer. (See #72 for what that means). I've spoken with enough of the TSC that I think folks are onboard. This ticket is here to note that work.
@directionless has been contributing to osquery since 2018, and on the Technical Steering Committee since its creation in 2019. He leads most office hours meetings and typically serves as the contact between the TSC and other institutions (Linux Foundation, Apple, etc.)
From the Charter:
The TSC may elect a TSC Chair, who will preside over meetings of the TSC and will serve until their resignation or replacement by the TSC. The TSC Chair, or any other TSC member so designated by the TSC, will serve as the primary communication contact between the Project and the OSQUERY Fund of The Linux Foundation.
I observe that Seph is essentially performing the above duties, namely presiding over meetings (office hours) and serving as the primary communication contact between osquery and The Linux Foundation.
From the Charter:
Decisions made by electronic vote without a meeting require a majority vote of all voting members of the TSC.
I propose that we vote, via this issue, to elect Seph (Joseph Sokol-Margolis) to the position of TSC Chair. All TSC members in favor, please comment in the affirmative.
If we don't reach a majority of TSC members via electronic voting, I will bring up the matter at the next TSC meeting in which we have a quorum (50% of TSC members).
Hosting our packages downloads are pretty expensive at our scale. For various reasons, I have a strong fondness for Fastly. I am starting to talk to them, about their open source / community hosting efforts.
In office hours 2019-10-15 we expressed an interest in getting more people as contributors. We both need to get some initial people, and also need to [eventually] develop a process for nominating them.
cc: @theopolis, @zwass, @alessandrogario
Community bridge requires we have a badge from Core Infrastructure Initiative https://www.coreinfrastructure.org/programs/badge-program/
Who has access to the package repositories? How do they work. Etc.
Would we want to think about https://packagecloud.io/ or some other hosted entity?
Relates to: #4
Right now myself and I think one or two others are the mods of the /r/osquery
subreddit. Lemme know who else I can make mods so that we balance this regulation around the council.