kubernetes
/
community
mirror of https://github.com/kubernetes/community.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

add sensitive communication guidelines

This commit is contained in:
Mario Fahlandt 2025-03-31 02:17:04 +01:00
parent cd84d63bcd
commit 07b9b41549
No known key found for this signature in database
GPG Key ID: 8342B3E5F174341A
1 changed files with 26 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
communication/sensitive-comms-guidelines.md Normal file
View File

@ -0,0 +1,26 @@
# Sensitive Communication in the Kubernetes Project
1. **Planning and Preparation** \
1. **Classify Information:**
1. **Sensitive:** Information that could harm contributors or the project if disclosed (e.g., personal data, private keys).
2. **Important:** Information crucial for project success but not necessarily sensitive (e.g., breaking changes, design documents).
2. **Assess Risk:** Evaluate the potential impact of unauthorized access or disclosure, and tailor security measures accordingly.
3. **Define Audience:** Specify who needs the information, considering roles and need-to-know principles within the cloud native open-source community & kubernetes project & project consumers.
4. **Select Communication Channel:**
3. **Sensitive:** private mailing lists, Slack channels or DMs.
4. **Important:** Leverage project-approved channels depending on sensitivity, while considering the open-source nature of the project.
2. **Creating Content**
5. **Clarity & Conciseness:** Use plain language, avoiding jargon, to prevent misunderstandings.
6. **Accuracy:** Double-check all facts and references, especially for sensitive information, as errors could impact the project's reputation.
7. **Confidentiality Markings:** Label documents with "Confidential", "Sensitive", etc., as appropriate.
8. **Inverted Pyramid structure:**
5. All readers should get a sufficient picture of who or what thing is happening in the first sentence or two
6. Section to detail what services are impacted and how folks with more knowledge of the thing being impacted
7. Section should spell out the what, when, where, or how for readers of the target audience whom this directly impacts
9. **Transparency & Openness:** Strive for transparency whenever possible, while safeguarding sensitive information. Clearly define what information is public vs. confidential.
10. **Incident Response Plan:** Have a clear plan for responding to critical or breaking changes and impacts on the infrastructure, including communication protocols, tailored to topic. \
E.g. Registry Change — [K8s Blog](https://kubernetes.io/blog/2023/03/10/image-registry-redirect/), [AWS Blog](https://aws.amazon.com/blogs/containers/changes-to-the-kubernetes-container-image-registry/), yum/apt repo deprecation
11. **Legal & Ethical Considerations:** Comply with relevant data protection regulations and respect the privacy of contributors and users, even within an open-source framework.