Distributors Application for VMware By Broadcom

Question

Distributors Application for VMware By Broadcom

skhushboo-vm opened this issue a month ago · comments

Khushboo Soni commented a month ago

Actively monitored security email alias for our project: Vmware.psirt@broadcom.com

1. Be an actively maintained and CNCF certified distribution of Kubernetes components.

2. Have a user base not limited to your own organization.

3. Have a publicly verifiable track record up to present day of fixing security issues.

4. Not be a downstream or rebuild of another distribution.

5. Be a participant and active contributor in the community.

6. Accept the Embargo Policy.

7. Be willing to contribute back.

8. Have someone already on the list vouch for the person requesting membership on behalf of your distribution.
security@vmware.com

Micah Hausler · Answer 1 · Tue Jul 02 2024 02:41:00 GMT+0800 (China Standard Time)

Hi @skhushboo-vm, VMWare is already on the distributors list:

https://github.com/kubernetes/k8s.io/blob/main/groups/committee-security-response/groups.yaml#L62-L63

Is this a request for a new email to be added? Do the existing two email addresses still need to be included?

Khushboo Soni · Answer 2 · Thu Jul 04 2024 15:11:11 GMT+0800 (China Standard Time)

Thanks for the response Micah. With the Broadcom acquisition, our email alias has changed from ***@***.*** to ***@***.*** However, due to some restrictions currently in our new ***@***.***) zipped attachments cannot come through to ***@***.*** Is there any way for embargoed content( going fwd) you can add patches at an access restricted server or drop it in our drive( if we share it with you)? Many thanks in advance, Khushboo Soni VMware By Broadcom, PSIRT

…

On Tue, Jul 2, 2024 at 12:11 AM Micah Hausler ***@***.***> wrote: Hi @skhushboo-vm <https://github.com/skhushboo-vm>, VMWare is already on the distributors list: https://github.com/kubernetes/k8s.io/blob/main/groups/committee-security-response/groups.yaml#L62-L63 Is this a request for a new email to be added? Do the existing two email addresses still need to be included? — Reply to this email directly, view it on GitHub <#198 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AQY5HJUHVVSXP7KEETRZXMDZKGPFHAVCNFSM6AAAAABJRHECJOVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDEMBQG44DQMBXGQ> . You are receiving this because you were mentioned.Message ID: ***@***.***>

-- This electronic communication and the information and any files transmitted with it, or attached to it, are confidential and are intended solely for the use of the individual or entity to whom it is addressed and may contain information that is confidential, legally privileged, protected by privacy laws, or otherwise restricted from disclosure to anyone else. If you are not the intended recipient or the person responsible for delivering the e-mail to the intended recipient, you are hereby notified that any use, copying, distributing, dissemination, forwarding, printing, or copying of this e-mail is strictly prohibited. If you received this e-mail in error, please return the e-mail to the sender, delete it from your computer, and destroy any printed copy of it.

Micah Hausler · Answer 3 · Fri Jul 05 2024 21:29:48 GMT+0800 (China Standard Time)

Unfortunately GitHub *'s out all the email names in the comments! 😄 I'll reach out to the original aliases on file to confirm

Davanum Srinivas · Answer 4 · Fri Jul 05 2024 21:59:59 GMT+0800 (China Standard Time)

cc @nikhita @MadhavJivrajani

Mo Khan · Answer 5 · Mon Jul 08 2024 19:23:31 GMT+0800 (China Standard Time)

Is there any way for embargoed content( going fwd) you can add patches at an access restricted server or drop it in our drive( if we share it with you)?

I do not foresee us updating our process to workaround arbitrary restrictions of a distributor.