
Ask HN: Am I crazy to distrust the CNCF? - hardwaresofton
If you&#x27;ve got a tin foil hat close by this would be the time to put it on.<p>I&#x27;ve vaguely distrusted the CNCF for a long time now. While I like the majority of what they&#x27;re doing (helping fund and manage open source projects), it&#x27;s never sat right to me... Companies don&#x27;t move out&#x2F;donate large sums out of pure altruism, and the consistent and persistent (successful) branding attempts everywhere, really trying to burn the word &quot;CNCF&quot; and the marketing term &quot;cloud native&quot; into your mind, and sheer amount of projects they&#x27;re funding&#x2F;supporting in some way smacks of the VC-backed &quot;high-growth&quot; startup play that never pans out as well for customers as it does for VCs&#x2F;early founders.<p>Up until now, I&#x27;ve vaguely thought their goal was only establishing themselves as the de-facto standard for &quot;cloud computing&quot;, basically spreading massive good will now so they can reap the rewards later, and signalling themselves to big companies. However it just dawned on me that the actual goal might be subtly influencing free&#x2F;open source products via their &quot;graduation&quot;&#x2F;standardization process. Projects that deserve to &quot;graduate&quot; will essentially have to bend to &quot;standards&quot; set by the CNCF&#x2F;Linux Foundation and resulting their top backers to them the most.
======
dankohn1
I presume any comments from me are unlikely to convince you that CNCF is a
trustworthy organization, but I would suggest that the 2018 CNCF Annual Report
is probably the best source of understanding what we do and why we do it.

[https://www.cncf.io/cncf-annual-report-2018/](https://www.cncf.io/cncf-
annual-report-2018/)

You're also welcome to email me and arrange a call.

Disclosure: I'm executive director of CNCF and responsible for that report.

~~~
hardwaresofton
Thanks for taking time out of your busy day to respond -- I don't mean this
offensively but that report is basically a PR document. The CNCF has done
amazing things, again I really am happy with what it does -- The CNCF doesn't
have to exist, and it helps so many projects (theoretically better than not
helping at all, assuming they wouldn't have received direct contributions
anyway, or would have squandered them).

What I was hoping for was input from people who work _with_ the CNCF --
projects that can speak honestly about how CNCF governance changed their
projects, both the good and the bad. When I generally see the CNCF mentioned
it's "we got adopted by the CNCF" then cheers, and that's about all anyone
says on it.

I think you could absolutely banish this opinion (definitely from me at least,
I am often wrong and must change my mind to accomodate, this would be no
different) by give some more of this "social proof" specifically from people
who are f/oss hackers dealing with the CNCF. If kernel hackers say the Linux
Foundation is legit/helps them and isn't overbearing, I believe them.

Even with all this, there's the possibility that the CNCF is trustworthy _now_
but loses it's way and starts losing it's way but open source projects that
grew dependent on it basically don't leave... But even typing that out it's
obvious there's nothing anyone could do to prevent that really, the
inevitability of politics, etc. Again, pretty tinfoil-y, which is why I'm
currently defaulting to distrust but am doubtful that I should be.

~~~
dankohn1
OK. Note regarding "how CNCF governance changed their projects" that CNCF
doesn't govern our hosted projects. Instead, to reach graduation, they're
required to create and follow a neutral governance process. However, each
project's is different.

[https://github.com/cncf/toc/blob/master/process/graduation_c...](https://github.com/cncf/toc/blob/master/process/graduation_criteria.adoc)

------
hardwaresofton
Some follow up thoughts (too long for initial post)

Even though the Linux Foundation is a non-profit, just like Mozilla (quite
possibly the software company I trust the most), Mozilla is also kind of well
known for being mismanaged -- what about a company that's basically _only_
doing management (and doesn't have products they must look after, per say).
It's not certain that the Linux Foundation has similar issues but Mozilla at
least has the need to turn a profit/install more browsers/make things that
people want as an incentive but the Linux Foundation just basically sells
itself. This is also kind of evident in the Linux Foundation's _extremely_
confusing hyperledger group of blockchain technologies -- this seems like the
kind of move that hype-driven VC backed companies make, not slow-and-steady
trustworthy ones.

What triggered this was watching a NATS[0] presentation where they mentioned
being taken in by the CNCF and adding multi-tenancy -- this seems like a
feature corporate users would ask for (which isn't inherently bad), and then
it occurred to me that what if this is the effect of having the CNCF be
involved was -- worrying more about "large scale" than just writing
bulletproof, featureful software.

This is kind of in line with the whole corporate co-opting of "open source"
(which often is confused with "free" software), and capitalistic runs on
developer mindshare via wosshing products (I think I just invented this term),
but that's even _more_ tinfoil-y.

It's clear that I'm being paranoid, but I'd love if someone could help with
some counter points to help me by maybe shining some light on what value
alignment/adoption by the CNCF is bringing them and whether they did (or
didn't) have to swallow any weird decisions because of it. Am I just totally
off the mark?

[0]:
[https://www.youtube.com/watch?v=K7yzUusMaUc](https://www.youtube.com/watch?v=K7yzUusMaUc)

