Re: [k8s security] No cookies banner window


Tim Hockin

Dec 20, 2022, 12:29:17 PM
to CJ Cullen, steering, secu...@kubernetes.io
Punting this up to steering. I'm not even sure who to bother, any more.

On Tue, Dec 20, 2022 at 9:13 AM CJ Cullen <cjcu...@google.com> wrote:
>
> -reporter
> +Tim Hockin
>
> Does kubernetes.io need a GDPR banner? Definitely not something that the SRC needs to handle, but I'm not sure who to loop in. thockin@ do you know who to kick this to?
>
> Thanks,
> -CJ
>
> On Sat, Dec 10, 2022 at 2:21 AM Michalk <mbopen...@gmail.com> wrote:
>>
>> Hi,
>>
>> At this moment there is no cookie banner/window (needed by GDPR, for instance) with an Allow / Deny action.
>>
>> Repro steps:
>> 1. Go to: https://kubernetes.io/
>> 2. Scroll down and up, note that the cookie banner is missing
>> 3. Open F12 DevTools and check the Cookies tab - cookies are used
>> (for example, you can use private mode in Firefox or a Chromium-based browser such as Chrome)
>>
>> PoC:
>> Used a VPN with an EU IP address with different browsers and can't see a cookie banner.
>>
>> Impact: High - all site visitors
>>
>> Best regards,
>> Michal
>>

Bob Killen

Dec 20, 2022, 12:47:53 PM
to Tim Hockin, CJ Cullen, steering, secu...@kubernetes.io
IMO I wouldn't really consider this high (I checked a bunch of other big OSS websites and none of them have banners but have analytics), but probably something we can ping the SIG Docs leads about and at least add a link to the LF cookie policy in the footer.


Tim Allclair

Jan 4, 2023, 2:10:46 PM
to CJ Cullen, Bob Killen, Tim Hockin, steering, secu...@kubernetes.io
Maybe this should be escalated to the LF legal team? They should be able to advise on what the requirements are.

On Wed, Jan 4, 2023 at 9:57 AM 'CJ Cullen' via security <secu...@kubernetes.io> wrote:
Thanks for the responses.

Who is the right person to make this call and get it done? Bob, is that you?

CJ Cullen

Jan 5, 2023, 1:59:55 PM
to security, Tim Allclair, Bob Killen, Tim Hockin, steering, secu...@kubernetes.io, CJ Cullen
Bob, can you drive this?

CJ Cullen

Jan 5, 2023, 2:00:06 PM
to Bob Killen, Tim Hockin, steering, secu...@kubernetes.io
Thanks for the responses.

Who is the right person to make this call and get it done? Bob, is that you?

On Tue, Dec 20, 2022 at 9:47 AM Bob Killen <kille...@gmail.com> wrote:

Bob Killen

Jan 5, 2023, 2:02:59 PM
to CJ Cullen, security, Tim Allclair, Tim Hockin, steering
Yeah, I'll start pinging folk. 