Hacker News new | past | comments | ask | show | jobs | submit login
Ask HN: Am I crazy to distrust the CNCF?
4 points by hardwaresofton on July 27, 2019 | hide | past | favorite | 4 comments
If you've got a tin foil hat close by this would be the time to put it on.

I've vaguely distrusted the CNCF for a long time now. While I like the majority of what they're doing (helping fund and manage open source projects), it's never sat right to me... Companies don't move out/donate large sums out of pure altruism, and the consistent and persistent (successful) branding attempts everywhere, really trying to burn the word "CNCF" and the marketing term "cloud native" into your mind, and sheer amount of projects they're funding/supporting in some way smacks of the VC-backed "high-growth" startup play that never pans out as well for customers as it does for VCs/early founders.

Up until now, I've vaguely thought their goal was only establishing themselves as the de-facto standard for "cloud computing", basically spreading massive good will now so they can reap the rewards later, and signalling themselves to big companies. However it just dawned on me that the actual goal might be subtly influencing free/open source products via their "graduation"/standardization process. Projects that deserve to "graduate" will essentially have to bend to "standards" set by the CNCF/Linux Foundation and resulting their top backers to them the most.

I presume any comments from me are unlikely to convince you that CNCF is a trustworthy organization, but I would suggest that the 2018 CNCF Annual Report is probably the best source of understanding what we do and why we do it.


You're also welcome to email me and arrange a call.

Disclosure: I'm executive director of CNCF and responsible for that report.

Thanks for taking time out of your busy day to respond -- I don't mean this offensively but that report is basically a PR document. The CNCF has done amazing things, again I really am happy with what it does -- The CNCF doesn't have to exist, and it helps so many projects (theoretically better than not helping at all, assuming they wouldn't have received direct contributions anyway, or would have squandered them).

What I was hoping for was input from people who work with the CNCF -- projects that can speak honestly about how CNCF governance changed their projects, both the good and the bad. When I generally see the CNCF mentioned it's "we got adopted by the CNCF" then cheers, and that's about all anyone says on it.

I think you could absolutely banish this opinion (definitely from me at least, I am often wrong and must change my mind to accomodate, this would be no different) by give some more of this "social proof" specifically from people who are f/oss hackers dealing with the CNCF. If kernel hackers say the Linux Foundation is legit/helps them and isn't overbearing, I believe them.

Even with all this, there's the possibility that the CNCF is trustworthy now but loses it's way and starts losing it's way but open source projects that grew dependent on it basically don't leave... But even typing that out it's obvious there's nothing anyone could do to prevent that really, the inevitability of politics, etc. Again, pretty tinfoil-y, which is why I'm currently defaulting to distrust but am doubtful that I should be.

OK. Note regarding "how CNCF governance changed their projects" that CNCF doesn't govern our hosted projects. Instead, to reach graduation, they're required to create and follow a neutral governance process. However, each project's is different.


Some follow up thoughts (too long for initial post)

Even though the Linux Foundation is a non-profit, just like Mozilla (quite possibly the software company I trust the most), Mozilla is also kind of well known for being mismanaged -- what about a company that's basically only doing management (and doesn't have products they must look after, per say). It's not certain that the Linux Foundation has similar issues but Mozilla at least has the need to turn a profit/install more browsers/make things that people want as an incentive but the Linux Foundation just basically sells itself. This is also kind of evident in the Linux Foundation's extremely confusing hyperledger group of blockchain technologies -- this seems like the kind of move that hype-driven VC backed companies make, not slow-and-steady trustworthy ones.

What triggered this was watching a NATS[0] presentation where they mentioned being taken in by the CNCF and adding multi-tenancy -- this seems like a feature corporate users would ask for (which isn't inherently bad), and then it occurred to me that what if this is the effect of having the CNCF be involved was -- worrying more about "large scale" than just writing bulletproof, featureful software.

This is kind of in line with the whole corporate co-opting of "open source" (which often is confused with "free" software), and capitalistic runs on developer mindshare via wosshing products (I think I just invented this term), but that's even more tinfoil-y.

It's clear that I'm being paranoid, but I'd love if someone could help with some counter points to help me by maybe shining some light on what value alignment/adoption by the CNCF is bringing them and whether they did (or didn't) have to swallow any weird decisions because of it. Am I just totally off the mark?

[0]: https://www.youtube.com/watch?v=K7yzUusMaUc

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact