|
| 1 | +--- |
| 2 | +title: 'Presenting "Conforma"' |
| 3 | +date: 2025-01-22T12:24:00-05:00 |
| 4 | +author: "Simon Baird" |
| 5 | +--- |
| 6 | + |
| 7 | +To make a long story short, this project has a new name. "Enterprise Contract" |
| 8 | +is now "Conforma". Read on for some background information about the name and |
| 9 | +why we decided to change it. |
| 10 | + |
| 11 | +<!--more--> |
| 12 | + |
| 13 | +## Origins |
| 14 | + |
| 15 | +The name "Enterprise Contract" has been around since the beginning. When a few |
| 16 | +bright Red Hatters were sketching out the plans for a new SLSA compliant |
| 17 | +internal build system based on OpenShift, Tekton, Tekton Chains, and Sigstore, |
| 18 | +verifying signatures and applying policies based on image attestations was a |
| 19 | +key piece of the design. |
| 20 | + |
| 21 | +One of the main design ideas was to allow development teams to own their build |
| 22 | +pipelines, leaving them free to innovate and iterate, but leverage the SLSA |
| 23 | +build provenance to provide a mechanism for release engineers and security |
| 24 | +experts to ensure the released artifacts met the required standards. |
| 25 | + |
| 26 | +If a container image passed "the Enterprise Contract" then it was considered |
| 27 | +releasable. And if it didn't pass, the tooling would produce clear explanations |
| 28 | +about why, and what needed to happen to get it passing. |
| 29 | + |
| 30 | +So we built the tool to do this artifact verification and policy checking, and |
| 31 | +called it "Enterprise Contract". |
| 32 | + |
| 33 | +"Enterprise" in Red Hat vernacular can mean something like "ready for |
| 34 | +prime-time", not just production-ready, but ready for use by Red Hat customers. |
| 35 | +Think "Red Hat Enterprise Linux" for example. And if we say that "contract" |
| 36 | +means the set of transparent and agreed-upon policies, then you could say the |
| 37 | +name describes the idea well. |
| 38 | + |
| 39 | +## Why Change? |
| 40 | + |
| 41 | +That said, the name has some shortcomings. It's long, and often makes people |
| 42 | +think of corporate HR, or some kind of workplace legal document. |
| 43 | + |
| 44 | +Also, for open-source software in general, and the Fedora community in |
| 45 | +particular, the terms "Enterprise" and "Contract" are kind of big red flags, |
| 46 | +both legally and philosophically. |
| 47 | + |
| 48 | +Fedora is looking at using Konflux for its own build system, and we've received |
| 49 | +unambiguous feedback on the idea of Fedora using *anything* with the name |
| 50 | +"Enterprise Contract". Besides that, if we want to package our software for |
| 51 | +upstream distributions like Fedora, it's likely we'll have a hard time getting |
| 52 | +that name accepted. |
| 53 | + |
| 54 | +## What now? |
| 55 | + |
| 56 | +Coming up with a name is hard, but we got there. Conforma feels good. It's |
| 57 | +short, catchy, and has some solid connotations related to the functionality it |
| 58 | +provides, in my opinion at least! |
| 59 | + |
| 60 | +Rather than just rename our GitHub org and then the Git repos inside it, we're |
| 61 | +proceeding carefully to avoid disrupting any of the existing webhooks, CI |
| 62 | +triggers, etc. The name "Enterprise Contract" might not go away entirely, but |
| 63 | +we'll remove it from all the upstream resources, including the website and the |
| 64 | +documentation. Thanks for your patience while we make that happen. |
| 65 | + |
| 66 | +One more note: This may change in the future, but in the short term we're |
| 67 | +sticking with the binary name for the cli. If it helps, and I think it does, |
| 68 | +"ec" now stands for "execute conforma". |
| 69 | + |
| 70 | +{{< rawhtml >}} |
| 71 | +<video width="640" height="360" controls autoplay> |
| 72 | + <source src="/images/newname.webm" type="video/webm"> |
| 73 | + Your browser does not support the video tag. |
| 74 | +</video> |
| 75 | +{{< /rawhtml >}} |
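Review bot: The `<video>` element in the closing rawhtml block (lines 71-74 of the new file) sets `autoplay` without `muted`. If the clip has an audio track, browsers that restrict audible autoplay will refuse to start it, and playback that does start on page load is intrusive for readers. Suggest dropping `autoplay` and keeping `controls`, or adding `muted` if autoplay is intended. The only `<source>` is WebM, so readers whose browser cannot play it get just the fallback sentence; a second source or a link to the file would cover them. Two wording nits: "cli" on line 67 should be "CLI", and "SLSA compliant" on line 16 reads better as "SLSA-compliant". Since the post says the binary keeps the name `ec` for now, a link to where that decision will be tracked would help readers who script against the binary name.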