Update security-release-process.md with ref to security-release-team@ email #63

Open
lukehinds opened this issue Dec 8, 2019 · 16 comments
Assignees
Labels
lifecycle/frozen Indicates that an issue or PR should not be auto-closed due to staleness.

Comments

@lukehinds
Contributor

lukehinds commented Dec 8, 2019

Previously release-managers-private@ was nested within security@.

As of kubernetes/sig-release#900, there will be a separate security-release-team@ email address.

The security/security-release-process.md document should outline the new security-release-team@ email address and how this address should be used when wanting to bring the security release team into a discussion and allow release coordination of a security fix.

@lukehinds
Contributor Author

/cc @justaugustus

@justaugustus
Member

Corresponding releng tracking issue: kubernetes/sig-release#896

@justaugustus
Member

/assign

@fejta-bot

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle stale

k8s-ci-robot added the lifecycle/stale label Mar 13, 2020
@fejta-bot

Stale issues rot after 30d of inactivity.
Mark the issue as fresh with /remove-lifecycle rotten.
Rotten issues close after an additional 30d of inactivity.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle rotten

k8s-ci-robot added the lifecycle/rotten label and removed the lifecycle/stale label Apr 12, 2020
@fejta-bot

Rotten issues close after 30d of inactivity.
Reopen the issue with /reopen.
Mark the issue as fresh with /remove-lifecycle rotten.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/close

@k8s-ci-robot
Contributor

@fejta-bot: Closing this issue.

In response to this:

Rotten issues close after 30d of inactivity.
Reopen the issue with /reopen.
Mark the issue as fresh with /remove-lifecycle rotten.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@justaugustus
Member

/remove-lifecycle rotten
/lifecycle frozen
/reopen

This needs some input from @kubernetes/product-security-committee.
It's the last item for kubernetes/sig-release#896.

k8s-ci-robot reopened this Jun 8, 2020
@k8s-ci-robot
Contributor

@justaugustus: Reopened this issue.

In response to this:

/remove-lifecycle rotten
/lifecycle frozen
/reopen

This needs some input from @kubernetes/product-security-committee.
It's the last item for kubernetes/sig-release#896.


k8s-ci-robot added the lifecycle/frozen label and removed the lifecycle/rotten label Jun 8, 2020
@LappleApple

/assign @saschagrunert

@saschagrunert
Member

This needs some input from @kubernetes/product-security-committee.

Hey @kubernetes/product-security-committee 👋, do you think you can provide the required information on how to move forward with this topic?

@lukehinds
Contributor Author

/assign

@saschagrunert
Member

@lukehinds thank you for picking this up! Can we provide anything from the SIG release perspective to support you?

@saschagrunert
Member

Hey @lukehinds, may I ask you about an update on this?

@lukehinds
Contributor Author

Hey @lukehinds, may I ask you about an update on this?

#129

@justaugustus
Member

Tim is reviewing #129, so:
/unassign @justaugustus @saschagrunert

saschagrunert added a commit to saschagrunert/sig-release that referenced this issue Jun 8, 2022
We now split up the deliverables to reflect the state better (WIP vs
TODO). This also means that we outline if no enhancement is available
for a certain item.

We also move "Distribute the load of Kubernetes artifacts between
vendors (Consumable)" to done since this is mostly in the scope of K8S
infra now and we supported the initial phase.

We also move "Simplify CVE process for release management (Secure)" to
done because there is just a single PR in the scope of Security Response
Committee which has to be merged:
kubernetes/committee-security-response#63

Signed-off-by: Sascha Grunert <[email protected]>
6 participants