Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

security: update supported version #15735

Merged
merged 1 commit into from
Jan 10, 2024
Merged

security: update supported version #15735

merged 1 commit into from
Jan 10, 2024

Conversation

rockwotj
Copy link
Contributor

Backports Required

  • none - not a bug fix
  • none - this is a backport
  • none - issue does not exist in previous branches
  • none - papercut/not impactful enough to backport
  • v23.3.x
  • v23.2.x
  • v23.1.x

Release Notes

  • none

michael-redpanda
michael-redpanda reviewed Dec 18, 2023
View reviewed changes
SECURITY.md Outdated
Comment on lines 10 to 12
| 23.3.x | :white_check_mark: |
| 23.2.x | :white_check_mark: |
| 23.1.x | :white_check_mark: |
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I wonder if it would make sense to list the versions expected EoL and when previous versions went EoL.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For sure it will not hurt, and it is security related so folks will appreciate.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@michael-redpanda I've improved the policy and added details. I've checked some other repositories, and I couldn't identify any EOL announcements. But nevertheless, I would love to see this information somewhere. @wreet do you agree?

@michael-redpanda
Copy link
Contributor

michael-redpanda commented Dec 18, 2023
edited

Added @d3k4z and @wreet

This file is pretty old and has, obviously, not been kept up-to-date. I think we should figure out if

  1. we keep it
  2. what it should contain
  3. what this looks like on backport branches

@vbotbuildovich
Copy link
Collaborator

vbotbuildovich commented Jan 5, 2024
edited

new failures in https://buildkite.com/redpanda/redpanda/builds/43485#018cda88-29dc-4116-86f2-9c5531381c4e:

"rptest.tests.recovery_mode_test.DisablingPartitionsTest.test_disable"

new failures in https://buildkite.com/redpanda/redpanda/builds/43565#018cea02-7119-4e8f-a1ad-b4ffd7bd083c:

"rptest.tests.nodes_decommissioning_test.NodeDecommissionFailureReportingTest.test_allocation_failure_reporting"

new failures in https://buildkite.com/redpanda/redpanda/builds/43601#018cef2d-188d-4e3c-abee-f6baac4df0d9:

"rptest.tests.cloud_storage_timing_stress_test.CloudStorageTimingStressTest.test_cloud_storage.cleanup_policy=delete"

@vbotbuildovich
Copy link
Collaborator

vbotbuildovich commented Jan 5, 2024
edited

ducktape was retried in https://buildkite.com/redpanda/redpanda/builds/43485#018cda88-29dc-4116-86f2-9c5531381c4e

ducktape was retried in https://buildkite.com/redpanda/redpanda/builds/43565#018cea2b-e227-415f-8a88-9a3c77abf0e3

d3k4z
d3k4z previously approved these changes Jan 8, 2024
View reviewed changes
Copy link
Contributor

@d3k4z d3k4z left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm!

SECURITY.md
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We would need to add a reference to our Redpanda Security Policy. Something in the spirit of:

Official Redpanda Security Policy can be found on redpanda.com/security

SECURITY.md Outdated
Comment on lines 10 to 12
| 23.3.x | :white_check_mark: |
| 23.2.x | :white_check_mark: |
| 23.1.x | :white_check_mark: |
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@michael-redpanda I've improved the policy and added details. I've checked some other repositories, and I couldn't identify any EOL announcements. But nevertheless, I would love to see this information somewhere. @wreet do you agree?

@rockwotj
Copy link
Contributor Author

rockwotj commented Jan 8, 2024

Updated with EOL info

d3k4z
d3k4z previously approved these changes Jan 8, 2024
View reviewed changes
Copy link
Contributor

@d3k4z d3k4z left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm!

@piyushredpanda
Copy link
Contributor

@mattschumpert are the EoL dates confirmed/lgtm to you? Rest, LGTM.

@mattschumpert
Copy link

They look about right. I trust these are the GA bits available dates and you've verified them @piyushredpanda

Is this going in the codebase? That sounds a bit risky cause EOL dates can change (e.g. we pushed 22.3 EOL out a month)

@rockwotj rockwotj merged commit 8dc9bc1 into redpanda-data:dev Jan 10, 2024
16 checks passed
@rockwotj rockwotj deleted the security branch January 10, 2024 02:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@michael-redpanda michael-redpanda michael-redpanda approved these changes

@d3k4z d3k4z d3k4z left review comments

@wreet wreet Awaiting requested review from wreet

@piyushredpanda piyushredpanda Awaiting requested review from piyushredpanda

Assignees

@michael-redpanda michael-redpanda

Labels
area/security
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
6 participants
@rockwotj @michael-redpanda @vbotbuildovich @piyushredpanda @mattschumpert @d3k4z