Open cartermp opened 1 year ago
This should also include details on the approach to collector image security as that's something I hear a lot about.
There is a Security document in the collector repo, not sure if this belongs there or can be migrated into the docs:
https://github.com/open-telemetry/opentelemetry-collector/blob/main/docs/security-best-practices.md
cc @open-telemetry/collector-approvers
Some parts of this doc are for Collector end-users while others are for component developers. I think information for end-users makes sense to have under the OpenTelemetry docs, but information for component developers may be too niche
Splitting it into end-user material @ docs and keep the developer specific material in the repo makes sense to me. (and adding a back-reference from both documents to link them)
This was discussed in a comms SIG and floated by the security SIG prior with thumbs ups.
Proposal:
Security
Relevant slack thread: https://cloud-native.slack.com/archives/C05A85QC281/p1692283776729499