Re: Security policies for Kubernetes
Nicko van Someren <nicko@...>
Hi Alexis,

Thanks for that. I read through the Google Doc and added some comments.

One thing I think would be valuable to include in the security process is for there to be a broadcast mail to some 'announce' mailing list in advance of patches to high severity issues, indicating that a critical patch is imminent, with an expected release date but without full details of the issue. For large users with big IT infrastructure it may be necessary to schedule extra staff to install urgent patches quickly, and having advance notice of when this will be necessary is very helpful. Projects like OpenSSL usually send these out three days before security-critical releases (see https://goo.gl/BzElRC for examples).

Cheers,
Nicko
On Thu, Nov 10, 2016 at 10:26 AM, Alexis Richardson <alexis@...> wrote:
--
Nicko van Someren CTO, Linux Foundation +1 (978) 821-0391