On Thu, 23 Apr 2020 at 12:53, Matthias Rampke <[email protected]> wrote:
> I agree, if we plan on releasing 1.0, have an RC, a security review for a > feature marked experimental doesn't need to hold things up. We should make > it clear when we consider TLS "ready for serious use" but that's for > another release. > Let's be careful here with the word experimental, as that means something very specific in Prometheus terms. "experimental" means that we can make breaking changes to the API across versions, but doesn't say anything about how production-ready code is. For example remote write is classified as experimental, but that's not saying it isn't ready for serious use. Brian > > /MR > > On Thu, Apr 23, 2020 at 11:47 AM Richard Hartmann < > [email protected]> wrote: > >> Yes >> >> On Thu, Apr 23, 2020 at 1:40 PM Richard Hartmann >> <[email protected]> wrote: >> > >> > Dear all, >> > >> > This is a call for consensus within Prometheus-team on releasing >> > node_exporter 1.0.0 as-is. >> > >> > node_exporter 1.0.0-rc.0 has been cut on 2020-02-20[1]. It features >> > experimental TLS support[2]. We are planning to use this TLS support >> > as a template for all other exporters within and outside of Prometheus >> > proper. To make sure we didn’t build a footgun nor that we’re holding >> > it wrong, CNCF is sponsoring an external security review by Cure53. We >> > have not been giving a clear timeline but work should start in week 22 >> > (May 25th) at the latest with no time to completion stated. >> > >> > There are two positions: >> > * Wait for the security review to finish before cutting 1.0.0 >> > * Release ASAP, given that this feature is clearly marked as >> > experimental and it will not see wider testing until we cut 1.0.0 >> > >> > I am asking Prometheus-team to establish rough consensus with a hum. >> > >> > Should the maintainers (Ben & Fish) be allowed to release without >> > waiting for the audit to finish? >> > >> > >> > Best, >> > Richard >> > >> > [1] >> https://github.com/prometheus/node_exporter/releases/tag/v1.0.0-rc.0 >> > [2] https://github.com/prometheus/node_exporter/pull/1277 >> >> >> >> -- >> Richard >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Prometheus Developers" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/prometheus-developers/CAD77%2BgTDcHz%2BBtn3wbLJPCRtW1DJ64w63U8jRx_GCtzin5fFMw%40mail.gmail.com >> . >> > -- > You received this message because you are subscribed to the Google Groups > "Prometheus Developers" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/prometheus-developers/CAMV%3D_gZJqYJ4LbiwepQXv2X91jHY0oC5j_YR9bkK2f2%3Dwy%2B2iw%40mail.gmail.com > <https://groups.google.com/d/msgid/prometheus-developers/CAMV%3D_gZJqYJ4LbiwepQXv2X91jHY0oC5j_YR9bkK2f2%3Dwy%2B2iw%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > -- Brian Brazil www.robustperception.io -- You received this message because you are subscribed to the Google Groups "Prometheus Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/prometheus-developers/CAHJKeLpc8XgM8s3Gnmac_15gPFzz2QfrHDk%3Dfhc%3DCRXCXVdUPQ%40mail.gmail.com.
