- Security policies for Kubernetes
Re: Security policies for Kubernetes
toggle quoted messageShow quoted text
If you have feedback on the kubernetes proposal, please do provide that feedback on the doc or on the issue.
On Thu, Nov 10, 2016 at 10:05 AM, Nicko van Someren via cncf-toc <cncf-toc@...>
Thanks for that. I read through the Google Doc and added some comments.
One thing I think would be valuable to include in the security process is for there to be a broadcast mail to some 'announce' mailing list in advance of patches to high severity issues, indicating that a critical patch is imminent, with an expected release date but without full details of the issue. For large users with big IT infrastructure it may be necessary to schedule extra staff to install urgent patches quickly and having advanced notice of when this will be necessary is very helpful. Projects like OpenSSL usually send these out three days before security-critical releases (see https://goo.gl/BzElRC
cncf-toc mailing list
Join email@example.com to automatically receive all group messages.