Tim Allclair
Tim Allclair
No, they are not. [Dynamic audit control](https://github.com/kubernetes/community/blob/master/keps/sig-auth/0014-dynamic-audit-configuration.md) will address this need. Once that merges, it would be awesome to have a version of audit2rbac that can be deployed as a...
I'll take a first pass at adding these to https://github.com/open-policy-agent/gatekeeper-library, based on the spec in https://kubernetes.io/docs/concepts/security/pod-security-standards/
/remove-lifecycle stale Updated proposal: 1. Migrate SECURITY_CONTACTS to SECURITY.md, with a templated security policy 2. Security policy should include the security contacts, with both github user ID, email ID, and...
/remove-lifecycle stale
@BenTheElder Nothing (just someone to do the work), except for the concerns raised in the [discussion thread](https://groups.google.com/d/msg/kubernetes-sig-architecture/0MUJBDGf3jg/wYrr8i1tBQAJ) about confusing the intent of security contacts. xref: https://github.com/kubernetes/kubernetes-template-project/pull/35
Thanks for picking this up Sam! I think we should not automatically copy the approvers into security contacts. I'd prefer it to be an explicit add, and we (PSC) can...
/ok-to-test
Can we create a `playbook` directory, and add this there?
/remove-lifecycle stale The bug bounty puts core Kubernetes in Tier 1, and GA subprojects in Tier 2. We'd like to make this explicit on each project, and also formalize what...