This document provides a consistent mechanism for cloud native security to produce community papers, ensure they are reviewed, and subsequently published. This content complements existing proposal-to-project instructions.
For detailed guidelines on publishing standards and protocols, refer to Publishing Protocols for Project Deliverables and Publishing Guidelines and Standards.
When proposing a paper as a deliverable, ensure there is a clearly identified lead and a well-defined scope. The paper scope and topic should be raised in at least one TAG meeting to solicit more volunteers (ideally 4). Interested parties should meet to outline the paper and present it to TAG leadership for planning and scheduling.
Once a TAG Leadership sponsor is assigned, the group should agree on a tentative schedule with the following milestones:
| Milestone | Estimated Time |
|---|---|
| Audience, Goals, & refining scope | 1 week |
| Tasking Assignment | 1 week |
| Content Rough-in | 2-3 weeks |
| Collaborative Review | 2 weeks |
| Executive Summary and content wrap up | 2 weeks |
| Narrative Voice | 1-2 weeks |
| Final Group Review | 1 week |
| Community Review | 2 weeks |
| Public comment adjudication | 2 weeks (simultaneous with review) |
| CNCF publishing engagement | ~2-3 weeks |
| Addition to the repo | 2 weeks |
| Blog post and publishing coordination | 2-3 weeks |
Define the following:
- Who is the intended audience?
- What positions do they hold?
- What problem are we addressing?
- What assumptions are we making about the audience or content?
- Document these in the "Introduction > Assumptions" section.
Contributors should assign themselves to various outline areas. This allows focus and identifies gaps needing more contributors. Use tools like Google Docs' "assign to me" feature for task assignment.
Assignees provide rough content through phrases, paragraphs, or bullets. Draft content should be marked clearly.
Contributors refine raw content into drafts, comment on sections, expand ideas, and provide citations. Use the corresponding Slack channel for larger thematic discussions.
If the paper exceeds five pages, write an executive summary. Finalize content and discussions.
Assign no more than three individuals for this task to ensure a unified voice. Ensure consistent language, phrasing, acronym use, footnotes, and citations.
Collectively review the polished paper before opening it for community review.
Lock the paper from editing (except for Adjudicators). Make it public for comments and suggestions. Announce the review period via the CNCF TAG-Security mailing list.
Adjudicators resolve community comments and suggestions. Larger discussions should be decisively resolved and documented.
TAG Leadership sponsor works with CNCF for final edits, PDF conversion, and graphics inclusion. Review drafts before the final version is added to the repo.
The paper lead creates a README.md with:
- Title
- About: Brief summary
- Updates: Maintenance intentions
- Markdown: Maintained in markdown
- Contributing updates: Guidance for contributors
- Versioning and publishing: Criteria for updates
- Original design decisions
- Links to files in the repo
Coordinate with TAG leadership and CNCF for a blog post to increase visibility. Consider presenting at community events.
Papers created by TAG-Security are authored by the group, with contributors and reviewers acknowledged. Major contributors are highlighted in the "Acknowledgements" section. Each document should contain "Contributors," "Reviewers," and "Acknowledgements" sections as appropriate.