sensitive-comms-guidelines.md

File metadata and controls

26 lines (22 loc) · 2.5 KB

Sensitive Communication in the Kubernetes Project

1. Planning and Preparation
   1. Classify Information:
      1. Sensitive: information that could harm contributors or the project if disclosed (e.g., personal data, private keys).
      2. Important: information crucial to project success but not necessarily sensitive (e.g., breaking changes, design documents).
   2. Assess Risk: evaluate the potential impact of unauthorized access or disclosure, and tailor security measures accordingly.
   3. Define Audience: specify who needs the information, applying role-based and need-to-know principles within the cloud native open-source community, the Kubernetes project, and the project's consumers.
   4. Select Communication Channel:
      1. Sensitive: private mailing lists, private Slack channels, or DMs.
      2. Important: project-approved channels chosen according to sensitivity, keeping the open-source nature of the project in mind.
2. Creating Content
   1. Clarity & Conciseness: use plain language and avoid jargon to prevent misunderstandings.
   2. Accuracy: double-check all facts and references, especially for sensitive information, since errors could damage the project's reputation.
   3. Confidentiality Markings: label documents "Confidential", "Sensitive", etc., as appropriate.
   4. Inverted Pyramid Structure:
      1. All readers should get a sufficient picture of who is affected and what is happening from the first sentence or two.
      2. A section detailing which services are impacted and how, for readers with more knowledge of the impacted area.
      3. A section spelling out the what, when, where, and how for the readers in the target audience whom this directly impacts.
   5. Transparency & Openness: strive for transparency whenever possible while safeguarding sensitive information, and clearly define what is public versus confidential.
   6. Incident Response Plan: have a clear plan for responding to critical or breaking changes and impacts on the infrastructure, including communication protocols tailored to the topic (e.g., the registry change, announced via the K8s Blog and AWS Blog, and the yum/apt repo deprecation).
   7. Legal & Ethical Considerations: comply with relevant data protection regulations and respect the privacy of contributors and users, even within an open-source framework.