Add security_contacts field to OWNERS spec
#5398
Conversation
k8s-ci-robot
added
do-not-merge/work-in-progress
|
Welcome @sfowl! |
k8s-ci-robot
added
the
needs-ok-to-test
|
Hi @sfowl. Thanks for your PR. I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
k8s-ci-robot
added
size/S
sfowl
force-pushed
the
add-security-contacts-to-owners
branch
from
d09c25a
to
7fedc9b
Compare
sfowl
changed the title
security_contacts field to OWNERS specsecurity_contacts field to OWNERS spec
k8s-ci-robot
removed
the
do-not-merge/work-in-progress
|
Removed WIP status, need to merge this before proceeding with bulk PRs to all OWNERS files and remove SECURITY_CONTACTS files. |
k8s-ci-robot
added
area/github-management
|
Mail thread for more context: https://groups.google.com/g/kubernetes-sig-architecture/c/0MUJBDGf3jg/m/wYrr8i1tBQAJ |
There was a problem hiding this comment.
/ok-to-test
Maybe a dumb question, but why's this one the pre-req for bulk changes? Is it just to ensure the docs at contributors/guide/owners.md are right and then the bulk changes are implementing what's documented?
I ask mostly because I worry about what might break in this change. Is there anybody out there possibly using SECURITY_CONTACTS as it is an API? The current files aren't highly structured, but one could guess the "schema"? I don't see this as a blocker though. PSC has agreed a reasonable path in kubernetes/committee-security-response#56 which includes removal of the SECURITY_CONTACTS and you're implementing that. And it looks like you've done some archeology to try to confirm none of our things were using the files.
I've got one question about the new schema data around PII (see inline comments).
| slack: @alice | ||
| - github: dan | ||
| email: null | ||
| slack: null | ||
| ``` |
There was a problem hiding this comment.
Are we "allowed" to publish these? I always hear this type of public identification mapping is somehow not allowed by GitHub ToS?
Will all three of {github,email,slack} be required?
There was a problem hiding this comment.
I'm pretty sure we can publish those - github/email is mapped already via cncf gitdm from commits, and we have github -> slack mappings for slack user-groups in the slack-config.
Many people publish that info themselves for their personal website as well.
There was a problem hiding this comment.
Will all three of {github,email,slack} be required?
No, I updated the descriptions to be clearer that only GitHub username is required. The other fields are optional.
I'm pretty sure we can publish those - github/email is mapped already via cncf gitdm from commits, and we have github -> slack mappings for slack user-groups in the slack-config.
That was my feeling as well. I also reached out to GitHub's privacy team for some input but I'm not sure if this is within their scope. I'll share any reply I get.
Also, I think the intention is for individuals to add update their own email/slack IDs. The bulk updates that add security_contacts to OWNERS will have email and slack set to null for all users.
There was a problem hiding this comment.
Got a reply from github Trust & Safety team:
Thanks for reaching out. Our Acceptable Use Policies address your question in the following way:
While using the Service, under no circumstances will you: violate the privacy of any third party, such as by posting another person's personal information without consent.Additionally, Section 6 may apply, depending on where you're getting the information:
If you collect any User Personal Information from the Service, you agree that you will only use that User Personal Information for the purpose for which that User has authorized it.If you're gathering and using public information from GitHub and are receiving consent from each of the data subjects, our Privacy Statement includes some further requirements. The following is especially important:
We expect you to reasonably secure any User Personal Information you have gathered from GitHub, and to respond promptly to complaints, removal requests, and "do not contact" requests from GitHub or GitHub users.I hope this is helpful. Please let us know if we can answer any other questions.
I think the current proposal be okay then. Users would need to add their own contact info, we can't add any on their behalf.
There was a problem hiding this comment.
One other thing I forgot to mention with Slack, names are not unique in there :| There can be multiple mrbobbytables for examples, thats why we have the mapping of slack name to underlying slack ID in usergroup management. I would avoid including that at all as you could easily ping the wrong person.
There was a problem hiding this comment.
Ah, yeah I see what you mean looking in communication/slack-config. Some other options might be either to ask for the actual slack ID instead (downside: not easily enforceable), or enhance the spec to have keys for both slack name and slack ID (downside: messier, still not really enforceable).
So I think your suggestion to remove the slack field entirely is probably the most sensible. I'll hold back on the change for a day in case there are other ideas/opinions.
There was a problem hiding this comment.
when this is place I am good to lgtm on this PR.
k8s-ci-robot
added
ok-to-test
That was pretty much my thinking. It's also a chance to review the planned changes before creating the noise generated by bulk PRs.
The existing docs I've seen describe SECURITY_CONTACTS as a data source only for use by the PSC. It's possible that someone else is using it as an API, but if this has the PSC's blessing then I'd agree that it's not a blocker. In terms of breakages, today I came across the secping tool, which seems to still be used in test-infra. Mostly likely this will need some tweaks to be compatible with this change, but I'll move this back to WIP while I investigate. |
|
@sfowl: The label(s) In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
/hold |
k8s-ci-robot
added
the
do-not-merge/hold
k8s-ci-robot
added
the
sig/service-catalog
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: sfowl The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
Sorry for the long delay on this @tpepper @mrbobbytables. Also CC-ing @tallclair @BenTheElder as they were on the original I've grepped through all repos in the below orgs for usage of SECURITY_CONTACTS: The only example I found that used SECURITY_CONTACTS like an API was the I found no other instances that used SECURITY_CONTACTS like an API. I've generated patches for the planned bulk updates each repo in the above orgs using this script. Here's an example using My proposal now is to:
PS - Any suggestions on somewhere I could drop an email to give a heads up to repo owners about this change would be appreciated. |
|
/unhold |
k8s-ci-robot
removed
the
do-not-merge/hold
|
Putting the hold back on it just to make sure it gets reviews from the right groups before merge 👍 cc @kubernetes/steering-committee As an FYI the orgs kubernetes-incubator and kubernetes-retired are archived, they are not receiving any more updates. |
k8s-ci-robot
added
the
do-not-merge/hold
|
cc @kubernetes/product-security-committee |
|
Based on some feedback in kubernetes/committee-security-response#56 from @BenTheElder , I'm gonna re-examine this PR and see how I can re-add slack IDs (i.e. not slack display names) in combination with some validation in kubernetes/test-infra/prow/repoowners and kubernetes/test-infra/prow/plugins/verify_owners. Will mark as draft again for the meantime. |
k8s-ci-robot
added
the
do-not-merge/work-in-progress
k8s-ci-robot
removed
the
do-not-merge/work-in-progress
|
@BenTheElder I made a draft test-infra PR with some validation for slack IDs. My updated proposal is now:
|
|
Issues go stale after 90d of inactivity. If this issue is safe to close now please do so with Send feedback to sig-contributor-experience at kubernetes/community. |
k8s-ci-robot
added
the
lifecycle/stale
|
@sfowl 👋 just wanted to check in -- is this still desired/are you still looking for review? |
|
The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs. This bot triages issues and PRs according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle rotten |
k8s-ci-robot
added
lifecycle/rotten
|
The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs. This bot triages issues and PRs according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /close |
|
@k8s-triage-robot: Closed this PR. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
This supports #56
I don't believe similar changes are also needed to https://github.com/kubernetes/test-infra/blob/master/prow/repoowners/repoowners.go as no automation depends on this new additional field. Similarly, there seems to be no code references in test-infra foremeritus*keys, so I imagine adding new keys to OWNERS should not cause any issues.EDIT: Made a PR for test-infra changes: kubernetes/test-infra#22075