Improve process & documentation for non-k/k projects
tallclair opened this issue · comments
- decide what the PSC's role & involvement should be
- write prescriptive checklist that can be followed by subproject owners without incident response experience
- decide how vulnerabilities are communicated
/help
@tallclair:
This request has been marked as needing help from a contributor.
Please ensure the request meets the requirements listed here.
If this request no longer meets these requirements, the label can be removed
by commenting with the /remove-help command.
In response to this:
/help
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.
Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.
If this issue is safe to close now please do so with /close.
Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle stale
/remove-lifecycle stale
The bug bounty puts core Kubernetes in Tier 1, and GA subprojects in Tier 2. We'd like to make this explicit on each project, and also formalize what that means for PSC support (possibly with more tiers).
/cc @cjcullen @joelsmith
Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.
If this issue is safe to close now please do so with /close.
Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle stale
/remove-lifecycle stale
/lifecycle frozen