community icon indicating copy to clipboard operation
community copied to clipboard

Published 20 hours ago verified publisher icon kubernetes

Consolidate SECURITY_CONTACTS into OWNERS

Open sfowl opened this issue 3 years ago • 10 comments

Which issue(s) this PR fixes:

Fixes https://github.com/kubernetes/committee-security-response/issues/149

sfowl avatar Feb 21 '22 08:02 sfowl

Hi @sfowl. Thanks for your PR.

I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

k8s-ci-robot avatar Feb 21 '22 08:02 k8s-ci-robot

/ok-to-test

matthyx avatar Feb 22 '22 06:02 matthyx

Thanks! I'm not sure what the merge order should be, but you should also update the template repo: https://github.com/kubernetes/kubernetes-template-project/blob/main/SECURITY_CONTACTS

https://github.com/kubernetes/kubernetes-template-project/pull/38

My thinking was this PR into k/community was a good way to track that the overall change is agreed upon, and the all other PRs would merge afterwards.

sfowl avatar Feb 25 '22 06:02 sfowl

Hey @sfowl Thanks for working on this and sharing this on sig-security-tooling slack channel.

It seems like this update is being made to allow better ways to communicate with maintainers privately for security issues if I read the original issue correctly https://github.com/kubernetes/committee-security-response/issues/56

If security_contacts field is going have just Github Ids how does it enable private communication channel with the maintainers / OWNERS of the code ? Is there a planned phase 2 where we will add more details that enables it?

PushkarJ avatar Mar 10 '22 18:03 PushkarJ

/sig security

PushkarJ avatar Mar 10 '22 18:03 PushkarJ

Hey @PushkarJ , yes, there would need to be a second phase to address the private communication aspect. This first phase does have benefits of its own though, @tallclair gave a good overview in this comment:

https://github.com/kubernetes/test-infra/pull/25347#issuecomment-1048145454

sfowl avatar Mar 11 '22 06:03 sfowl

@sfowl sorry have not gotten to this in a bit. Would you be open to bringing this up for discussion in the upcoming SIG Security Meeting? I think we might benefit from feedback from many other folks who might be interested in this

PushkarJ avatar Apr 05 '22 18:04 PushkarJ

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: sfowl To complete the pull request process, please assign justaugustus after the PR has been reviewed. You can assign the PR to them by writing /assign @justaugustus in a comment when ready.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment Approvers can cancel approval by writing /approve cancel in a comment

k8s-ci-robot avatar May 04 '22 06:05 k8s-ci-robot

The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue or PR as fresh with /remove-lifecycle stale
  • Mark this issue or PR as rotten with /lifecycle rotten
  • Close this issue or PR with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

k8s-triage-robot avatar Aug 02 '22 06:08 k8s-triage-robot

/remove-lifecycle stale

neolit123 avatar Aug 02 '22 08:08 neolit123

The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue or PR as fresh with /remove-lifecycle stale
  • Mark this issue or PR as rotten with /lifecycle rotten
  • Close this issue or PR with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

k8s-triage-robot avatar Oct 31 '22 08:10 k8s-triage-robot

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue or PR as fresh with /remove-lifecycle rotten
  • Close this issue or PR with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle rotten

k8s-triage-robot avatar Nov 30 '22 09:11 k8s-triage-robot

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the PR is closed

You can:

  • Reopen this PR with /reopen
  • Mark this PR as fresh with /remove-lifecycle rotten
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/close

k8s-triage-robot avatar Dec 30 '22 10:12 k8s-triage-robot

@k8s-triage-robot: Closed this PR.

In response to this:

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the PR is closed

You can:

  • Reopen this PR with /reopen
  • Mark this PR as fresh with /remove-lifecycle rotten
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

k8s-ci-robot avatar Dec 30 '22 10:12 k8s-ci-robot