|
| 1 | + |
| 2 | +# Sensitive Communication in the Kubernetes Project |
| 3 | + |
| 4 | + |
| 5 | +1. **Planning and Preparation** \ |
| 6 | + |
| 7 | + 1. **Classify Information:** |
| 8 | + 1. **Sensitive:** Information that could harm contributors or the project if disclosed (e.g., personal data, private keys). |
| 9 | + 2. **Important:** Information crucial for project success but not necessarily sensitive (e.g., breaking changes, design documents). |
| 10 | + 2. **Assess Risk:** Evaluate the potential impact of unauthorized access or disclosure, and tailor security measures accordingly. |
| 11 | + 3. **Define Audience:** Specify who needs the information, considering roles and need-to-know principles within the cloud native open-source community & kubernetes project & project consumers. |
| 12 | + 4. **Select Communication Channel:** |
| 13 | + 3. **Sensitive:** private mailing lists, Slack channels or DMs. |
| 14 | + 4. **Important:** Leverage project-approved channels depending on sensitivity, while considering the open-source nature of the project. |
| 15 | +2. **Creating Content** |
| 16 | + 5. **Clarity & Conciseness:** Use plain language, avoiding jargon, to prevent misunderstandings. |
| 17 | + 6. **Accuracy:** Double-check all facts and references, especially for sensitive information, as errors could impact the project's reputation. |
| 18 | + 7. **Confidentiality Markings:** Label documents with "Confidential", "Sensitive", etc., as appropriate. |
| 19 | + 8. **Inverted Pyramid structure:** |
| 20 | + 5. All readers should get a sufficient picture of who or what thing is happening in the first sentence or two |
| 21 | + 6. Section to detail what services are impacted and how folks with more knowledge of the thing being impacted |
| 22 | + 7. Section should spell out the what, when, where, or how for readers of the target audience whom this directly impacts |
| 23 | + 9. **Transparency & Openness:** Strive for transparency whenever possible, while safeguarding sensitive information. Clearly define what information is public vs. confidential. |
| 24 | + 10. **Incident Response Plan:** Have a clear plan for responding to critical or breaking changes and impacts on the infrastructure, including communication protocols, tailored to topic. \ |
| 25 | + E.g. Registry Change — [K8s Blog](https://kubernetes.io/blog/2023/03/10/image-registry-redirect/), [AWS Blog](https://aws.amazon.com/blogs/containers/changes-to-the-kubernetes-container-image-registry/), yum/apt repo deprecation |
| 26 | + 11. **Legal & Ethical Considerations:** Comply with relevant data protection regulations and respect the privacy of contributors and users, even within an open-source framework. |
0 commit comments