Matt Moore

@dlorenc we can make them their own modules in-place here?

Moving the side effect is already breaking to some folks downstream. I was actually going to suggest we scramble to move these out before my PR lands in a release...

Two that immediately come to mind are PipelineRuns as well as Runs (for custom tasks cc @imjasonh). It might also be prudent to better formalize the way image outputs are...

Streaming the build context to the Pod is (probably?) going to be secure if proxied by the API server, which creates unnecessary API Server load (I believe the OpenShift folks...

I built a simplified form of this into github.com/mattmoor/mink. It now support uploading a multi-arch version of kontext, and I've used it to run kaniko builds against clusters on amd64...

That was another thing that came up in the slack convo: Maybe we should stop overloading our reconcilers as the vehicle for upgrades, but it'll require some careful thought about...

Perhaps an egress proxy for controlling build hermeticity?

Mostly playing devil's advocate suggesting other methods for some of these: 1. What about a [fluentd sidecar](https://docs.fluentd.org/v0.12/articles/kubernetes-fluentd)? 1. provenance: run a grafeas publishing step as a final init container, or...

I think the concrete task here is to document the pattern that we should follow for setting up ACLs for duck types that are for more than read-only. I think...

/lifecycle frozen