Anton Gilgur

Followed up on this in the [May 28th SIG Security meeting](https://docs.google.com/document/d/1nl1adCRf4tD87Y01i3JcrLcHvtm1O5a7slqzNstct94/edit#heading=h.z3d5mmoeu6kg). Did get some Intuit folks to check around for records with no success unfortunately. We also discussed CD's approach...

Ah I mentioned this scenario in #10233 too! `podSpecPatch` may be a workaround for this -- would need to mount an `emptyDir` as a replacement for the root FS write.

I think the fix to this should be to just use an `emptyDir` volume for `resource` templates instead of requiring the ability to write to the root FS. There actually...

> One of the policies, stops the submission of a Workflow if it contains a `podSpecPatch` because a malicious user can inject any container which can be used to trigger...

No, this issue does not say that (and has been open for 1.5 years) and it works fine. As the issue says, certain policies may disallow its usage without some...

Follow-up from [this Slack thread](https://cloud-native.slack.com/archives/C01QW9QSSSK/p1714390245761509). Per there, workaround would be to use named templates > Please take a look at it, as I need to use `inline` templates. Since I'm...

> For non-graceful termination though, we still need a solution. > > I think we need to consider "Pod gone away" after a reasonable period (to allow for propogation of...

This should be backported to 3.4.x as well, since the bug has been around for a while

> This explains why I'm not seeing anything when viewing all logs. This makes you able to use the template combobox in the logs viewer per #9938, to clarify. Not...

Merged `main` for new PR checks per #13027 Going to merge this one in since Tianchu is Approver now per #13072 (and this is a simple UI patch and we...