Skip to content

Add Luc Chmielowski to Kyverno for Kubernetes Maintainers#105

Open
lucchmielowski wants to merge 2 commits into
kyverno:mainfrom
lucchmielowski:lucchmielowski-maintainer-application
Open

Add Luc Chmielowski to Kyverno for Kubernetes Maintainers#105
lucchmielowski wants to merge 2 commits into
kyverno:mainfrom
lucchmielowski:lucchmielowski-maintainer-application

Conversation

@lucchmielowski

Copy link
Copy Markdown
Contributor

Application Scope

Hey folks ! I'm applying to become a Kyverno for Kubernetes maintainer, with primary ownership of Image Verification Policies (IVPOL) and sigstore integration (/pkg/cosign, /pkg/notary), and ongoing involvement in release engineering and CI/security backports.

Domain Path Current Status
Image Verification (IVPOL) /pkg/cosign, /pkg/notary CODEOWNER
Release engineering CI workflows, cherry-picks, backports Active contributor
Security/CVE response Release branches Active contributor

Becoming a Maintainer Checklist

Per GOVERNANCE.md — Maintainers:

  • 8–10+ significant PRs across Kyverno org repos — 54 merged in kyverno/kyverno, 39 in kyverno/website, ~120 org-wide
  • Member of #kyverno and #kyverno-dev on Kubernetes Slack and #kyverno on CNCF Slack
  • Regularly attends Kyverno Maintainers and Community Meetings
  • Registered for the Kyverno mailing list
  • Listed in CODEOWNERS/pkg/cosign and /pkg/notary
  • Responds to reviews from maintainers on pull requests
  • Actively reviews code — 208 PR reviews in kyverno/kyverno
  • Consistent contributions and community participation
  • Already a Kyverno reviewer

Key Contributions

Image Verification Policies (IVPOL)

PR Title Impact
#14652 feat: Add cosign v3 support to IVPOL Auto-detects v3 bundle format, trusted root via TUF, Rekor v2 support
#15136 fix(ivpol): Unauthorized error when using a private repository Fixes auth for private registries
#15148 fix: relax EKU validation for DigiCert TSA on IVPOL Unblocks timestamp verification with DigiCert TSA
#15306 fix: set UseSignedTimestamps when TSACertChain is provided Cherry-pick of timestamp chain fix
#15834 fix: matchImageReferences does not filter images properly Correct image filtering in IVPOL
#15882 fix(ivpol): remove early return on matchImageReference Fixes validation short-circuit
#16208 fix: do not abort required validation on non-matching images Correct required vs optional image validation behavior

Release Engineering & CI

PR Title Impact
#13773 ci: Add cherry-pick workflow Automated backport workflow used across release branches
#15995 feat: release 1.18.0 1.18 GA release (release lead)
#15929 chore: release 1.18.0-rc.1 1.18 RC (release lead)
#13842 ci(cosign): streamline signature storage for our artifacts Improved artifact signing pipeline
#15485 ci: Fix vuln report for latest and releases Vulnerability reporting fixes

Security / CVE Backports

Multiple CVE fixes across release branches (1.14–1.18), including #15203, #15414, #15415, #15540, #15823.


Areas of Responsibility

  • IVPOL / sigstore — cosign, notary, image reference matching, attestations
  • Release operations — cherry-picks, backports, CI fixes during release cycles
  • Security response — CVE triage and backports on supported release branches

@JimBugwadia

Copy link
Copy Markdown
Member

/vote

@git-vote

git-vote Bot commented Jun 9, 2026

Copy link
Copy Markdown

Vote created

@JimBugwadia has called for a vote on Add Luc Chmielowski to Kyverno for Kubernetes Maintainers (#105).

The members of the following teams have binding votes:

Team
@kyverno/binding-votes

Non-binding votes are also appreciated as a sign of support!

How to vote

You can cast your vote by reacting to this comment. The following reactions are supported:

In favor Against Abstain
👍 👎 👀

Please note that voting for multiple options is not allowed and those votes won't be counted.

The vote will be open for 7days. It will pass if at least 50% of the users with binding votes vote In favor 👍. Once it's closed, results will be published here as a new comment.

Signed-off-by: Luc Chmielowski <luc.chmielowski@nirmata.com>
@lucchmielowski lucchmielowski force-pushed the lucchmielowski-maintainer-application branch from 770ba7b to eadf901 Compare June 9, 2026 08:27
@git-vote

git-vote Bot commented Jun 10, 2026

Copy link
Copy Markdown

Vote closed

The vote passed! 🎉

57.14% of the users with binding vote were in favor and 0.00% were against (passing threshold: 50%).

Summary

In favor Against Abstain Not voted
8 0 0 6

Binding votes (8)

User Vote Timestamp
@Jaxwood In favor 2026-06-09 8:31:25.0 +00:00:00
@JimBugwadia In favor 2026-06-09 8:26:33.0 +00:00:00
@Jonas-Beck In favor 2026-06-09 9:05:11.0 +00:00:00
@aerosouund In favor 2026-06-09 10:08:55.0 +00:00:00
@eddycharly In favor 2026-06-09 11:49:43.0 +00:00:00
@fjogeleit In favor 2026-06-09 17:42:04.0 +00:00:00
@lucchmielowski In favor 2026-06-09 11:50:52.0 +00:00:00
@realshuting In favor 2026-06-09 8:28:43.0 +00:00:00

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants