Summary
Outline a roadmap to move all drivers to evergreen-based-releases.
Motivation
Drivers releases are often downloaded from package index (pip, maven, cpan) or from github directly. Currently only some of the driver releases are signed and the process of signing them is not standardized. Releasing drivers via Evergreen will allow us to better audit the release process (including signing packages). For many of our customers there is a requirement to adhere to an SDLC process that ensures the packages we provide are not tampered with by any internal participant in the process of producing and releasing those packages. Often these requirements are stated by our customers in security and compliance questionnaires. Currently, we list exceptions on these questionnaires related to drivers SDLC and signed packages. This effort should reduce the friction during sales cycles due to the number of exceptions we list.
Cast of Characters
Document Author: Rathi Gnanasekaran
Product Owner: Rachelle Palmer
Program Manager: Alexander Golin & Esha Bhargava
Stakeholders: Drivers
Documentation
Scope Document
Evergreen Documentation