I get asked a lot of questions that involve Semantic Versioning (a.k.a. SemVer). I also get told that something some piece of software does around it is wrong. Having spent far too much time dealing versions, this post tries to clear up some of the more common misconceptions.
When I read about the use of Tiller in the article on SAP AI vulnerabilities, I was a bit surprised. The article came out around three and a half years after Helm v2 - which includes Tiller - reached its end of life. It had been even longer since the last Helm v2 release.
Looking at the downloads of Tiller, I was surprised to find tens of thousands of downloads each week. The image blew is the downloads from the last 3 versions of Tiller. If I look beyond those 3 versions I can see even more downloads each week.
Helm v2 with Tiller still seems to get some decent use.
There are fewer contributors to CNCF projects than there were a few years ago. During that time, there has been an increase in the number of projects in the CNCF. I’ve been wondering what the data can tell us about what’s going on. Here’s what I’ve found from my preliminary review of the data.
Every month, new projects are submitted to the CNCF Sandbox in hopes of having their project join the CNCF. But, there’s a bunch of things that often escape the attention of companies and project maintainers when they submit their projects. It’s all in the fine print but, how often do we read that and realize what it means. With that in mind, let’s take a look at some things worth knowing and realizing before submitting any new project to the CNCF.
I just finished a two year term on the Cloud Native Computing Foundation (CNCF) Technical Oversight Committee (TOC). Being too busy to dedicate the time it deserves, I didn’t run for another term. Before I put the TOC out of my mind, I wanted to take some time and do a retrospective. I’m hopeful this is useful for the future TOC members and the broader cloud native community who doesn’t have deep insight into how the TOC works and what it does.