jfrog / chartcenter

The Central Helm Repository for the Community
https://chartcenter.io
Apache License 2.0

Add Argo helm repo #15

Closed cabrinha closed 4 years ago

ankushchadha commented 4 years ago

Thanks, @cabrinha, for submitting the inclusion request. Can you include a maintainer email address?

Thanks

cabrinha commented 4 years ago

@ankushchadha updated

ankushchadha commented 4 years ago

Thanks, @cabrinha. Noticed that we already have charts from this repository on ChartCenter - https://chartcenter.io/argo/argo?tab=chartinfo

I don't see you listed as a maintainer. If you know maintainers of this repository, can you reach out to them so that they can submit an inclusion request directly? Also, if they do, then argo should be the namespace instead of argo-helm to keep things consistent across the Helm ecosystem.

Thanks

cabrinha commented 4 years ago

> Thanks, @cabrinha. Noticed that we already have charts from this repository on ChartCenter - https://chartcenter.io/argo/argo?tab=chartinfo
>
> I don't see you listed as a maintainer. If you know maintainers of this repository, can you reach out to them so that they can submit an inclusion request directly? Also, if they do, then argo should be the namespace instead of argo-helm to keep things consistent across the Helm ecosystem.
>
> Thanks

I'm one of the code owners of the argo-rollouts chart: https://github.com/argoproj/argo-helm/blob/master/CODEOWNERS#L13

In my opinion, this is one of the downsides of ChartCenter, that the community cannot add helm repos themselves, but must rely on the "maintainers" to open these PRs. Helm charts for ArgoCD and Rollouts are community maintained, so I'm not sure the official team has that much interest in getting these charts added to ChartCenter.

The argo/argo chart lists the maintainers as alexec, alexmt, benjaminws, jessesuen; no email addresses are provided.

Looking through the closed PRs, I don't see the PR that added the argo/argo chart. However, you can see that the source for that chart is https://github.com/argoproj/argo-helm. So, we should be able to add the other charts that are present in that repo. The maintainers are the same and the charts are all in the same location:

ankushchadha commented 4 years ago

Thanks, @cabrinha, this is good feedback for us. We seeded ChartCenter with all the public charts and went ahead with a conservative approach that all chart-repo-based inclusions going forward must come from chart repo owners. We should also honor the OWNERS or CODEOWNERS file. I'll share this feedback with the team and get back.

The other motivation behind this approach, and especially asking for email addresses, is that by default we hide the high severity issues on the UI. And we only want the chart maintainers (who we thought would have elevated privileges) to receive a list of high severity issues via email (if they sign up - screenshot below). This is to prevent sensitive information from being shared without the author's intent, and this also provides an ability for authors to share security mitigation information with their consumers.

[Screenshot: security-mitigation]

CLAassistant commented 4 years ago

CLA assistant check
All committers have signed the CLA.

cabrinha commented 4 years ago

@ankushchadha I've added a maintainer email.

ankushchadha commented 4 years ago

Thanks, @cabrinha, for updating the PR to include the maintainer's email. Will it be possible to get the same email added to Chart.yaml?

This would help from a traceability perspective and also allow us to share high severity CVEs using the email mentioned in the Chart.

I know that this PR is taking longer than expected to close, and I'm happy to be on a session with you along with products to improve the current UX.