Security embargo policy and binary rollouts #6593

Closed
htuch opened this issue Apr 15, 2019 · 0 comments · Fixed by #6771

htuch commented Apr 15, 2019

In order for an Envoy distributor to update a downstream consumer, it's often necessary to have Docker images staged publicly due to the distribution model at many vendors. In addition, Envoy changes are visible to downstream consumers, even in PaaS environments, as the sidecar runs inside the same container as an application.

There are a number of open questions.
1. Does a binary release violate embargo? In principle and practice it does, since it's easy to bindiff and reverse engineer fixes.
2. How can distributors securely stage images for release at the embargo date?
3. How can distributors perform staged rollouts? E.g. large PaaS operators may require 1+ week to roll out across all zones.
4. How can distributors canary their fix releases?

Would be great to hear from distributors on these issues.

Action item for CVE-2019-9900
Action item for CVE-2019-9901

htuch added a commit to htuch/envoy that referenced this issue May 1, 2019
Fixes envoyproxy#6593

Signed-off-by: Harvey Tuch <htuch@google.com>
htuch added a commit that referenced this issue May 3, 2019
Fixes #6593

Signed-off-by: Harvey Tuch <htuch@google.com>