New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update security release process documentation #407

Merged
merged 1 commit into from Dec 5, 2018

Conversation

Projects
None yet
4 participants
@liggitt
Member

liggitt commented Dec 5, 2018

When this document was written, it presupposed a private release process, especially as it relates to pre-announcing security-related releases publicly.

Until we are able to pre-build and stage release artifacts for security releases, there is a gap of multiple hours between when fixes are pushed to public branches and when release artifacts for all release branches are available. Pre-announcing security-related changes will be landing during that time and drawing attention to the issues before fixed versions are available has consistently been deemed more harmful than helpful.

This PR updates this document to reflect the current security release process. As capability for private release build/staging is achieved, we can consider how to reintroduce public pre-release notification to the process.

/cc @kubernetes/product-security-team @philips

@philips

This comment has been minimized.

Contributor

philips commented Dec 5, 2018

/lgtm

@k8s-ci-robot

This comment has been minimized.

Contributor

k8s-ci-robot commented Dec 5, 2018

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: liggitt, philips

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot merged commit 2716da0 into kubernetes:master Dec 5, 2018

2 checks passed

cla/linuxfoundation liggitt authorized
Details
tide In merge pool.
Details

@liggitt liggitt deleted the liggitt:security-updates branch Dec 14, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment