| Age | Commit message (Collapse) | Author |
|---|
|
|
|
The doc was copied over to sig-release a while ago but then that
copy was never made authoritative
|
|
Signed-off-by: Jess Frazelle <acidburn@microsoft.com>
|
|
Automatic merge from submit-queue.
devel: add recommended time to release process
|
|
|
|
Signed-off-by: Jess Frazelle <acidburn@microsoft.com>
|
|
Signed-off-by: Jess Frazelle <acidburn@microsoft.com>
|
|
Signed-off-by: Jess Frazelle <acidburn@google.com>
|
|
|
|
|
|
Note the self-referential bug.
|
|
I am simply copying Golang which has selected a reasonable time: https://groups.google.com/forum/#!topic/golang-announce/YOqTqcJtiJI
|
|
Signed-off-by: Jess Frazelle <acidburn@google.com>
|
|
- Add links to mailing lists
- Make 4.0 CVSS low severity
|
|
Address all outstanding feedback.
|
|
Make the language much easier to read from beginning to end. And make
everyone's role easier to understand by giving people explicit role
names.
|
|
The release managers should be on the list as they are going to be the
central point of coordination for testing, release, and communication.
|
|
mjg59 has changed his role and has requested to be removed from the
responsiblity of the PST.
|
|
After the v1.4.3 release I know we are all thinking about the security
disclosure and response plan for Kubernetes. I think we need to document some
internal processes, external communication templates/process, and improve the
disclosure systems.
This document is based on discussion and a Google doc on SIG Auth:
https://groups.google.com/forum/#!topic/kubernetes-sig-auth/Xq2f8bWCNDM
**Known issues**
- We haven't specified a way to cycle the Product Security Team; but we need
this process deployed quickly as our current process isn't working. I will put
a deadline of March 1st 2017 to sort that.
Tracking issue: https://github.com/kubernetes/kubernetes/issues/35462
|
