-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
1 changed file
with
21 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
# Security Release Process | ||
|
||
The k8s-hard-way-ansible project has adopted a security disclosure and response policy to ensure responsible handling of critical issues. | ||
|
||
## Maintainers Team | ||
|
||
Security vulnerabilities should be handled quickly and sometimes privately. The primary goal of this process is to reduce the total time users are vulnerable to publicly known exploits. | ||
|
||
## Disclosures | ||
|
||
### Private Disclosure Processes | ||
|
||
If you discover a security vulnerability or any security-related issues, please do not create a public issue. Instead, send your report to [@GeekOpsUA](https://t.me/GeekOpsUA). Please provide as much information as possible so that we can respond quickly. | ||
|
||
### Public Disclosure Processes | ||
|
||
If you are aware of a publicly disclosed security vulnerability, please contact the admins of [@GeekOpsUA](https://t.me/GeekOpsUA) immediately so that we can begin the patch and release process. Please provide as much information as possible. This will help us to react quickly. | ||
|
||
## Patch and Release Team | ||
|
||
The Patch and Release Team will assemble to patch the vulnerability, release an update, and publish the vulnerability disclosure when a vulnerability is acknowledged. The Patch and Release Team will assemble to patch the vulnerability, release an update, and publish the vulnerability disclosure when a vulnerability is acknowledged. The team includes maintainers of the k8s-hard-way-ansible project affected. |