Make embargo policy more explicit #185

Merged
merged 1 commit into from
Jul 31, 2023

@ritazh ritazh commented Jul 27, 2023

As discussed in the SRC meeting, updating the embargo policy to explicitly call out embargo date guidelines and that distributions need to wait until after the public CVE announcement.

@k8s-ci-robot k8s-ci-robot added the cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. label Jul 27, 2023
@k8s-ci-robot
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: ritazh

@k8s-ci-robot k8s-ci-robot added the committee/security-response Denotes an issue or PR intended to be handled by the product security committee. label Jul 27, 2023
@k8s-ci-robot k8s-ci-robot added approved Indicates a PR has been approved by an approver from all required OWNERS files. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. labels Jul 27, 2023
@k8s-ci-robot k8s-ci-robot added size/S Denotes a PR that changes 10-29 lines, ignoring generated files. and removed size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. labels Jul 27, 2023
private-distributors-list.md (outdated)
prior to the embargo lift date if users do not have direct access to the binary.

However, a fully-hosted patched NON_API_SERVER_COMPONENT can be deployed
prior to the embargo lift date if all users of the environment are internal to the
Member

Suggested change
prior to the embargo lift date if all users of the environment are internal to the
prior to the embargo lift date only if all users of the environment are internal to the

Not sure on the suggestion I'm proposing but do we want to make this a little more strongly worded? Is the scope of "environment" just the cluster?

Member

Hmm, yes? Not sure on wording either.

Member Author

Updated to "only if all users with access to the components are internal to the Kubernetes distributor". lmk wyt

private-distributors-list.md (outdated)
@ritazh ritazh requested a review from cji July 28, 2023 18:52
@k8s-ci-robot k8s-ci-robot removed the size/S Denotes a PR that changes 10-29 lines, ignoring generated files. label Jul 28, 2023
@ritazh ritazh requested a review from enj July 28, 2023 18:52
@k8s-ci-robot k8s-ci-robot added the size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. label Jul 28, 2023
Member

@enj enj left a comment

Minor stuff.

private-distributors-list.md (outdated)
private-distributors-list.md (outdated)
Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>
@k8s-ci-robot k8s-ci-robot added size/S Denotes a PR that changes 10-29 lines, ignoring generated files. and removed size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. labels Jul 31, 2023
@ritazh ritazh requested a review from enj July 31, 2023 05:20
@enj
Member

enj commented Jul 31, 2023

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Jul 31, 2023
@k8s-ci-robot k8s-ci-robot merged commit 2aaf948 into kubernetes:main Jul 31, 2023
2 checks passed
@ritazh ritazh deleted the embargo-policy branch July 31, 2023 17:23
4 participants