Hi Chris, I like this idea. Thanks for raising this!

One question to the template bullet:
• Does it make Kafka or any of its components more difficult to run in a fully-secured fashion?

I don't quite understand what it means. Could you elaborate on it?

Thank you.
Luke

On Wed, Jan 11, 2023 at 11:59 PM Chris Egerton <chr...@aiven.io.invalid> wrote:

> Hi all,
>
> I'd like to propose augmenting the KIP template with a "Security
> Implications" section. Similar to the recently-added "test plan" section,
> the purpose here is to draw explicit attention to the security impact of
> the changes in the KIP during the design and discussion phase. On top of
> that, it should provide a common framework for how to reason about security
> so that everyone from new contributors to seasoned committers/PMC members
> can use the same standards when evaluating the security implications of a
> proposal.
>
> Here's the draft wording I've come up with so far for the template:
>
> How does this impact the security of the project?
> • Does it make Kafka or any of its components (brokers, clients, Kafka
> Connect, Kafka Streams, Mirror Maker 2, etc.) less secure when run with
> default settings?
> • Does it give users new access to configure clients, brokers, topics, etc.
> in situations where they did not have this access before? Keep in mind that
> the ability to arbitrarily configure a Kafka client can add to the attack
> surface of a project and may be safer to disable by default.
> • Does it make Kafka or any of its components more difficult to run in a
> fully-secured fashion?
>
> Let me know your thoughts. My tentative plan is to add this (with any
> modifications after discussion) to the KIP template after at least one week
> has elapsed, there has been approval from at least a couple seasoned
> contributors, and there are no unaddressed objections.
>
> Cheers,
>
> Chris
>