kubernetes
Distributors Application for VMware By Broadcom
Actively monitored security email alias for our project: [email protected]
1. Be an actively maintained and CNCF certified distribution of Kubernetes components.
2. Have a user base not limited to your own organization.
3. Have a publicly verifiable track record up to present day of fixing security issues.
4. Not be a downstream or rebuild of another distribution.
5. Be a participant and active contributor in the community.
6. Accept the Embargo Policy.
7. Be willing to contribute back.
8. Have someone already on the list vouch for the person requesting membership on behalf of your distribution. [email protected]
Hi @skhushboo-vm, VMWare is already on the distributors list:
https://github.com/kubernetes/k8s.io/blob/main/groups/committee-security-response/groups.yaml#L62-L63
Is this a request for a new email to be added? Do the existing two email addresses still need to be included?
Thanks for the response Micah.
With the Broadcom acquisition, our email alias has changed from @.*** to @.*** However, due to some restrictions currently in our new @.) zipped attachments cannot come through to @.
Is there any way for embargoed content( going fwd) you can add patches at an access restricted server or drop it in our drive( if we share it with you)?
Many thanks in advance, Khushboo Soni VMware By Broadcom, PSIRT
On Tue, Jul 2, 2024 at 12:11 AM Micah Hausler @.***> wrote:
Hi @skhushboo-vm https://github.com/skhushboo-vm, VMWare is already on the distributors list:
https://github.com/kubernetes/k8s.io/blob/main/groups/committee-security-response/groups.yaml#L62-L63
Is this a request for a new email to be added? Do the existing two email addresses still need to be included?
— Reply to this email directly, view it on GitHub https://github.com/kubernetes/committee-security-response/issues/198#issuecomment-2200788074, or unsubscribe https://github.com/notifications/unsubscribe-auth/AQY5HJUHVVSXP7KEETRZXMDZKGPFHAVCNFSM6AAAAABJRHECJOVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDEMBQG44DQMBXGQ . You are receiving this because you were mentioned.Message ID: @.***>
-- This electronic communication and the information and any files transmitted with it, or attached to it, are confidential and are intended solely for the use of the individual or entity to whom it is addressed and may contain information that is confidential, legally privileged, protected by privacy laws, or otherwise restricted from disclosure to anyone else. If you are not the intended recipient or the person responsible for delivering the e-mail to the intended recipient, you are hereby notified that any use, copying, distributing, dissemination, forwarding, printing, or copying of this e-mail is strictly prohibited. If you received this e-mail in error, please return the e-mail to the sender, delete it from your computer, and destroy any printed copy of it.
Unfortunately GitHub *'s out all the email names in the comments! 😄 I'll reach out to the original aliases on file to confirm
Is there any way for embargoed content( going fwd) you can add patches at an access restricted server or drop it in our drive( if we share it with you)?
I do not foresee us updating our process to workaround arbitrary restrictions of a distributor.
Created https://github.com/kubernetes/k8s.io/pull/7147 to consolidate the broadcom emails to a single email
