
Add a new "Security Releases" section

Tianon Gravi 7 years ago
parent
commit
5162b7f923
1 changed file with 10 additions and 0 deletions: README.md

+ 10 - 0
README.md

@@ -55,6 +55,7 @@ Also, the Hub descriptions for these images are currently stored separately in t
 			7.	[Security](#security)
 				1.	[Image Build](#image-build)
 				2.	[Runtime Configuration](#runtime-configuration)
+				3.	[Security Releases](#security-releases)
 			8.	[Multiple Architectures](#multiple-architectures)
 		3.	[Commitment](#commitment)
 	4.	[Library definition files](#library-definition-files)
@@ -254,6 +255,15 @@ By default, Docker containers are executed with reduced privileges: whitelisted
 
 Official Repositories that require additional privileges should specify the minimal set of command line options for the software to function, and may still be rejected if this introduces significant portability or security issues. In general, `--privileged` is not allowed, but a combination of `--cap-add` and `--device` options may be acceptable. Additionally, `--volume` can be tricky as there are many host filesystem locations that introduce portability/security issues (e.g. X11 socket).
 
+##### Security Releases
+
+For image updates which constitute a security fix, there are a few things we recommend to help ensure your update is merged, built, and released as quickly as possible:
+
+1.	[Contact us](MAINTAINERS) a few days in advance to give us a heads up and a timing estimate (so we can schedule time for the incoming update appropriately).
+2.	Include `[security]` in the title of your pull request (for example, `[security] Update FooBar to 1.2.5, 1.3.7, 2.0.1`).
+3.	Keep the pull request free of changes that are unrelated to the security fix -- we'll still be doing review of the update, but it will be expedited so this will help us help you.
+4.	Be active and responsive to comments on the pull request after it's opened (as usual, but even more so if the timing of the release is of importance).
+
 #### Multiple Architectures
 
 Each repo can specify multiple architectures for any and all tags. If no architecture is specified, images are built in Linux on `amd64` (aka x86-64). To specify more or different architectures, use the `Architectures` field (comma-delimited list, whitespace is trimmed). Valid architectures are found in [`oci-platform.go`](https://github.com/docker-library/official-images/blob/a7ad3081aa5f51584653073424217e461b72670a/bashbrew/go/vendor/src/github.com/docker-library/go-dockerlibrary/architecture/oci-platform.go#L14-L25):
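Review bot: the new "Security Releases" list tells maintainers to open a pull request titled `[security] ...` and to contact the team a few days ahead, but it never says what level of detail belongs in that public PR. A pull request is visible before the rebuilt images are published, so item 2 (or a new item) should ask that the PR title and description carry only the version bump (as in the `[security] Update FooBar to 1.2.5, 1.3.7, 2.0.1` example) and a link to the upstream advisory once it is public, with any embargoed details sent through the `[Contact us](MAINTAINERS)` channel from item 1 instead. It would also help to state what that `MAINTAINERS` link provides (an email address or other private contact), since right now the reader has to open the file to find out. Minor wording in item 3: "we'll still be doing review of the update" reads more cleanly as "we'll still review the update".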