Yes to release 1.0.0 as is. Lets not block on the security review. On Thursday, April 23, 2020 at 12:41:10 PM UTC+1, Richard Hartmann wrote: > > Dear all, > > This is a call for consensus within Prometheus-team on releasing > node_exporter 1.0.0 as-is. > > node_exporter 1.0.0-rc.0 has been cut on 2020-02-20[1]. It features > experimental TLS support[2]. We are planning to use this TLS support > as a template for all other exporters within and outside of Prometheus > proper. To make sure we didn’t build a footgun nor that we’re holding > it wrong, CNCF is sponsoring an external security review by Cure53. We > have not been giving a clear timeline but work should start in week 22 > (May 25th) at the latest with no time to completion stated. > > There are two positions: > * Wait for the security review to finish before cutting 1.0.0 > * Release ASAP, given that this feature is clearly marked as > experimental and it will not see wider testing until we cut 1.0.0 > > I am asking Prometheus-team to establish rough consensus with a hum. > > Should the maintainers (Ben & Fish) be allowed to release without > waiting for the audit to finish? > > > Best, > Richard > > [1] https://github.com/prometheus/node_exporter/releases/tag/v1.0.0-rc.0 > [2] https://github.com/prometheus/node_exporter/pull/1277 >
-- You received this message because you are subscribed to the Google Groups "Prometheus Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/prometheus-developers/3512ab67-a876-4f95-a6ad-10730fdff214%40googlegroups.com.
