search

kubernetes / committee-security-response

Kubernetes Security Process and Security Committee docs
Apache License 2.0
165 stars 65 forks source link

Create a SECURITY_CONTACTS file #143

Closed k8s-triage-robot closed 2 years ago

k8s-triage-robot commented 2 years ago

Kubernetes Community repositories must include a SECURITY_CONTACTS file to define points of contact that can assist with triaging security issues when requested by the Security Response Committee.

The template for the file can be found in the kubernetes-template-project.

This issue will periodically comment with reminders until SECURITY_CONTACTS has been created.

To report any issues with this tool, see here.

tallclair commented 2 years ago

/assign @sfowl

What's the status of migrating away from SECURITY_CONTACTS? We should probably disable this bot check for the file.

k8s-ci-robot commented 2 years ago

@tallclair: GitHub didn't allow me to assign the following users: sfowl.

Note that only kubernetes members, repo collaborators and people who have commented on this issue/PR can be assigned. Additionally, issues/PRs can only have 10 assignees at the same time. For more information please see the contributor guide

In response to [this](https://github.com/kubernetes/committee-security-response/issues/143#issuecomment-1028235649): >/assign @sfowl > >What's the status of migrating away from SECURITY_CONTACTS? We should probably disable this bot check for the file. Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository.
k8s-triage-robot commented 2 years ago

Required SECURITY_CONTACTS file still does not exist. Please resolve as soon as possible.

sfowl commented 2 years ago

@tallclair the migration stalled some time ago, I wasn't able to get the proposed changes in, e.g.

https://github.com/kubernetes/community/pull/5398

I could possibly revisit it if there's still enough interest. I would most likely start again from scratch, it ended up being more difficult than I first thought.

tallclair commented 2 years ago

(also responded on slack) Regarding picking the change back up, I'd recommend splitting it into 2 independent tasks:

  1. Add a security_contacts field to OWNERS with just the github handle, and migrate the existing SECURITY_CONTACTS files over.
  2. Adding in additional contact information

I think the second tasks is where this stalled last time around, but IMO even just #1 would be useful clean up

k8s-triage-robot commented 2 years ago

kubernetes/committee-security-response still needs a SECURITY_CONTACTS file. /assign @tallclair @joelsmith @cjcullen @liggitt @tabbysable

k8s-triage-robot commented 2 years ago

Required SECURITY_CONTACTS file still does not exist. Please resolve as soon as possible.

k8s-triage-robot commented 2 years ago

Required SECURITY_CONTACTS file still does not exist. Please resolve as soon as possible.

k8s-triage-robot commented 2 years ago

Required SECURITY_CONTACTS file still does not exist. Please resolve as soon as possible.

k8s-triage-robot commented 2 years ago

Required SECURITY_CONTACTS file still does not exist. Please resolve as soon as possible.

k8s-triage-robot commented 2 years ago

Required SECURITY_CONTACTS file still does not exist. Please resolve as soon as possible.

k8s-triage-robot commented 2 years ago

Required SECURITY_CONTACTS file still does not exist. Please resolve as soon as possible.

k8s-triage-robot commented 2 years ago

Required SECURITY_CONTACTS file still does not exist. Please resolve as soon as possible.

k8s-triage-robot commented 2 years ago

Required SECURITY_CONTACTS file still does not exist. Please resolve as soon as possible.