Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Consolidate SECURITY_CONTACTS into OWNERS #6484

Closed
wants to merge 2 commits into from
Closed

Consolidate SECURITY_CONTACTS into OWNERS #6484

wants to merge 2 commits into from

Conversation

sfowl
Copy link

@sfowl sfowl commented Feb 21, 2022

Which issue(s) this PR fixes:

Fixes kubernetes/committee-security-response#149

@k8s-ci-robot k8s-ci-robot added cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. size/S Denotes a PR that changes 10-29 lines, ignoring generated files. labels Feb 21, 2022
@k8s-ci-robot
Copy link
Contributor

Hi @sfowl. Thanks for your PR.

I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@k8s-ci-robot k8s-ci-robot added the area/contributor-guide Issues or PRs related to the contributor guide label Feb 21, 2022
@k8s-ci-robot k8s-ci-robot added area/github-management Issues or PRs related to GitHub Management subproject committee/steering Denotes an issue or PR intended to be handled by the steering committee. sig/contributor-experience Categorizes an issue or PR as relevant to SIG Contributor Experience. sig/service-catalog Categorizes an issue or PR as relevant to SIG Service Catalog. labels Feb 21, 2022
@sfowl sfowl mentioned this pull request Feb 21, 2022
Closed
@matthyx
Copy link
Contributor

matthyx commented Feb 22, 2022

/ok-to-test

@k8s-ci-robot k8s-ci-robot added ok-to-test Indicates a non-member PR verified by an org member that is safe to test. and removed needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels Feb 22, 2022
tallclair
tallclair reviewed Feb 22, 2022
View reviewed changes
Copy link
Member

@tallclair tallclair left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks! I'm not sure what the merge order should be, but you should also update the template repo: https://github.com/kubernetes/kubernetes-template-project/blob/main/SECURITY_CONTACTS

committee-steering/governance/sig-governance.md Show resolved Hide resolved
committee-steering/governance/sig-governance.md Show resolved Hide resolved
@sfowl
Copy link
Author

sfowl commented Feb 25, 2022

Thanks! I'm not sure what the merge order should be, but you should also update the template repo: https://github.com/kubernetes/kubernetes-template-project/blob/main/SECURITY_CONTACTS

kubernetes/kubernetes-template-project#38

My thinking was this PR into k/community was a good way to track that the overall change is agreed upon, and the all other PRs would merge afterwards.

@PushkarJ
Copy link
Member

Hey @sfowl Thanks for working on this and sharing this on sig-security-tooling slack channel.

It seems like this update is being made to allow better ways to communicate with maintainers privately for security issues if I read the original issue correctly kubernetes/committee-security-response#56

If security_contacts field is going have just Github Ids how does it enable private communication channel with the maintainers / OWNERS of the code ? Is there a planned phase 2 where we will add more details that enables it?

@PushkarJ
Copy link
Member

/sig security

@k8s-ci-robot k8s-ci-robot added the sig/security Categorizes an issue or PR as relevant to SIG Security. label Mar 10, 2022
@sfowl
Copy link
Author

sfowl commented Mar 11, 2022
edited
Loading

Hey @PushkarJ , yes, there would need to be a second phase to address the private communication aspect. This first phase does have benefits of its own though, @tallclair gave a good overview in this comment:

kubernetes/test-infra#25347 (comment)

@PushkarJ
Copy link
Member

PushkarJ commented Apr 5, 2022

@sfowl sorry have not gotten to this in a bit. Would you be open to bringing this up for discussion in the upcoming SIG Security Meeting? I think we might benefit from feedback from many other folks who might be interested in this

@PushkarJ PushkarJ mentioned this pull request Apr 11, 2022
Merged
@k8s-ci-robot k8s-ci-robot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label May 3, 2022
@k8s-ci-robot k8s-ci-robot removed the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label May 4, 2022
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: sfowl
To complete the pull request process, please assign justaugustus after the PR has been reviewed.
You can assign the PR to them by writing /assign @justaugustus in a comment when ready.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-triage-robot
Copy link

The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue or PR as fresh with /remove-lifecycle stale
  • Mark this issue or PR as rotten with /lifecycle rotten
  • Close this issue or PR with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Aug 2, 2022
@neolit123
Copy link
Member

/remove-lifecycle stale

@k8s-ci-robot k8s-ci-robot removed the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Aug 2, 2022
@k8s-triage-robot
Copy link

The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue or PR as fresh with /remove-lifecycle stale
  • Mark this issue or PR as rotten with /lifecycle rotten
  • Close this issue or PR with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Oct 31, 2022
@k8s-triage-robot
Copy link

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue or PR as fresh with /remove-lifecycle rotten
  • Close this issue or PR with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle rotten

@k8s-ci-robot k8s-ci-robot added lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed. and removed lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. labels Nov 30, 2022
@k8s-triage-robot
Copy link

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the PR is closed

You can:

  • Reopen this PR with /reopen
  • Mark this PR as fresh with /remove-lifecycle rotten
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/close

@k8s-ci-robot
Copy link
Contributor

@k8s-triage-robot: Closed this PR.

In response to this:

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the PR is closed

You can:

  • Reopen this PR with /reopen
  • Mark this PR as fresh with /remove-lifecycle rotten
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tallclair tallclair tallclair left review comments

@castrojo castrojo Awaiting requested review from castrojo

@idvoretskyi idvoretskyi Awaiting requested review from idvoretskyi

Assignees
No one assigned
Labels
area/contributor-guide Issues or PRs related to the contributor guide area/github-management Issues or PRs related to GitHub Management subproject cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. committee/steering Denotes an issue or PR intended to be handled by the steering committee. lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed. ok-to-test Indicates a non-member PR verified by an org member that is safe to test. sig/contributor-experience Categorizes an issue or PR as relevant to SIG Contributor Experience. sig/security Categorizes an issue or PR as relevant to SIG Security. sig/service-catalog Categorizes an issue or PR as relevant to SIG Service Catalog. size/S Denotes a PR that changes 10-29 lines, ignoring generated files.
Projects
[SIG ContribEx] Overview
Status: Done
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Consolidate OWNERS and SECURITY_CONTACTS
7 participants
@sfowl @k8s-ci-robot @matthyx @PushkarJ @k8s-triage-robot @neolit123 @tallclair