Security contacts for kube-controller-manager not specified or out of date #92096

Open
joelsmith opened this issue Jun 12, 2020 · 0 comments
Labels
area/security committee/security-response Denotes an issue or PR intended to be handled by the product security committee. kind/cleanup Categorizes issue or PR as related to cleaning up code, process, or technical debt. lifecycle/frozen Indicates that an issue or PR should not be auto-closed due to staleness. priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release.

Comments

@joelsmith
Contributor

The purpose of the SECURITY_CONTACTS file for each Kubernetes repository is to provide a list of people who can assist the Kubernetes Product Security Committee in the event that a security issue related to the repository is discovered or disclosed. As described in the file, those on the list should agree to our Embargo Policy.

Please update the /staging/src/k8s.io/kube-controller-manager/SECURITY_CONTACTS file for the kube-controller-manager repository. After finding people who are willing to work in this capacity, you should add them to the list, then remove PSC members (except any PSC member who will be working as a security contact for this repository). The list is GitHub usernames, optionally followed by an email address. If no email address is listed, the PSC will use the email address found on git commits made by the listed user.

The file may already have people listed who are security contacts. In that case, simply remove any PSC members who aren't also security contacts for the repo.

See kubernetes/committee-security-response#92 for more information

/area security
/committee product-security
/kind cleanup
/lifecycle frozen
/priority important-soon

@k8s-ci-robot k8s-ci-robot added lifecycle/frozen Indicates that an issue or PR should not be auto-closed due to staleness. area/security committee/security-response Denotes an issue or PR intended to be handled by the product security committee. kind/cleanup Categorizes issue or PR as related to cleaning up code, process, or technical debt. priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release. labels Jun 12, 2020