Re: Security policies for Kubernetes


Brandon Philips <brandon.philips@...>
 

Thanks Dan. I plan on pushing more on this post-KubeCon. Hopefully get PRs up against the documentation in the coming days.

I will take this discussion under advisement but I think there are some clear people and process things we can get right before bike-shedding on disclosure process.

Cheers,

Brandon

On Thu, Nov 10, 2016 at 9:21 AM Dan Kohn <dan@...> wrote:
There was a question at the Kubernetes panel Monday night about how to handle security reports now that Kubernetes is a CNCF rather than a Google project.

Brandon Phillips seems to have already gotten a good start on this at https://github.com/kubernetes/kubernetes/issues/35462 and in the linked Google Doc.

I presume he and Sarah Novotny will let CNCF staff know if they want any CNCF-hosted mailing lists or other infrastructure.

But I wanted to flag this publicly in case anyone on the TOC list wanted to chime in. I'm also cc'ing Greg KH, in case he might want to add any comments about the kernel security process.
--
Dan Kohn <mailto:dan@...>
Executive Director, Cloud Native Computing Foundation <https://cncf.io/>
tel:+1-415-233-1000

Join cncf-toc@lists.cncf.io to automatically receive all group messages.