Dear all, This is a call for consensus within Prometheus-team on releasing node_exporter 1.0.0 as-is.
node_exporter 1.0.0-rc.0 has been cut on 2020-02-20[1]. It features experimental TLS support[2]. We are planning to use this TLS support as a template for all other exporters within and outside of Prometheus proper. To make sure we didn’t build a footgun nor that we’re holding it wrong, CNCF is sponsoring an external security review by Cure53. We have not been giving a clear timeline but work should start in week 22 (May 25th) at the latest with no time to completion stated. There are two positions: * Wait for the security review to finish before cutting 1.0.0 * Release ASAP, given that this feature is clearly marked as experimental and it will not see wider testing until we cut 1.0.0 I am asking Prometheus-team to establish rough consensus with a hum. Should the maintainers (Ben & Fish) be allowed to release without waiting for the audit to finish? Best, Richard [1] https://github.com/prometheus/node_exporter/releases/tag/v1.0.0-rc.0 [2] https://github.com/prometheus/node_exporter/pull/1277 -- You received this message because you are subscribed to the Google Groups "Prometheus Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/prometheus-developers/CAD77%2BgRRHN%2BXfAxXeVitomS9Gz1Nx78ZGw1p%3D6xhtfQmqPJcXg%40mail.gmail.com.
