-
Notifications
You must be signed in to change notification settings - Fork 5
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Showing
4 changed files
with
62 additions
and
4 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -78,4 +78,7 @@ Koordinator is licensed under the Apache License, Version 2.0. See [LICENSE](./L | |
| ## Star History | ||
| [](https://star-history.com/#koordinator-sh/koordinator&Date) | ||
| --> | ||
| --> | ||
|
|
||
| ## 安全 | ||
| 对于发现的安全漏洞,请邮件发送至[email protected],您可在[SECURITY.md](./SECURITY.md)文件中找到更多信息。 | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -21,12 +21,12 @@ running beyond K8s such as Apache Haddop YARN. As a resource management platform | |
| numbers of computing engines including MapReduce, Spark, Flink, Presto, etc. | ||
|
|
||
| In order to extend the co-location scenario of Koordinator, now the community has provided Hadoop YARN extended suits | ||
| `Koordinator YARN Copilot` in BigData ecosystem, supporting running Hadoop YARN jobs by `koord-batch` resources with | ||
| `Koordinator YARN Copilot` in BigData ecosystem, supporting running Hadoop YARN jobs by `koord-batch` resources with | ||
| other K8s pods. The `Koordinator YARN Copilot` has following characteristics: | ||
|
|
||
| - Open-Source native: implement against open-sourced version of Hadoop YARN; so there is no hack inside YARN modules. | ||
| - Unifed resource priority and QoS strategy: the suits aims to the `koord-batch` priority of Koordinator, and also managed by QoS strategies of koordlet. | ||
| - Resource sharing on node level: node resources of `koord-batch` priority can be requested by tasks of YARN or `Batch` pods both. | ||
| - Resource sharing on node level: node resources of `koord-batch` priority can be requested by tasks of YARN or `Batch` pods both. | ||
| - Adaptive for multiple environments: the suits can be run under any environment, including public cloud or IDC. | ||
|
|
||
| ## Quick Start | ||
|
|
@@ -81,4 +81,7 @@ Koordinator is licensed under the Apache License, Version 2.0. See [LICENSE](./L | |
| ## Star History | ||
| [](https://star-history.com/#koordinator-sh/koordinator&Date) | ||
| --> | ||
| --> | ||
|
|
||
| ## Security | ||
| Please report vulnerabilities by email to [email protected]. Also see our [SECURITY.md](./SECURITY.md) file for details. | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,22 @@ | ||
| # Security Policy | ||
|
|
||
| - [Security Policy](#security-policy) | ||
| - [Reporting security problems](#reporting-security-problems) | ||
| - [Vulnerability Management Plans](#vulnerability-management-plans) | ||
| - [Critical Updates And Security Notices](#critical-updates-and-security-notices) | ||
|
|
||
| ## Reporting security problems | ||
|
|
||
| **DO NOT CREATE AN ISSUE** to report a security problem. Instead, please | ||
| send an email to [email protected] | ||
|
|
||
| Please follow the [embargo policy](./embargo-policy.md) for all security-related problems. | ||
|
|
||
| ## Vulnerability Management Plans | ||
|
|
||
| ### Critical Updates And Security Notices | ||
|
|
||
| We learn about critical software updates and security threats from these sources | ||
|
|
||
| 1. GitHub Security Alerts | ||
| 2. [Dependabot](https://dependabot.com/) Dependency Updates |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,30 @@ | ||
| # Embargo Policy | ||
|
|
||
| This policy forbids members of this project's security contacts any others | ||
| defined below from sharing information outside of the security contacts and this | ||
| listing without need-to-know and advance notice. | ||
|
|
||
| The information members and others receive from the list defined below must: | ||
|
|
||
| * not be made public, | ||
| * not be shared, | ||
| * not be hinted at | ||
| * must be kept confidential and close held | ||
|
|
||
| Except with the list's explicit approval. This holds true until the public | ||
| disclosure date/time that was agreed upon by the list. | ||
|
|
||
| If information is inadvertently shared beyond what is allowed by this policy, | ||
| you are REQUIRED to inform the security contacts [email protected] of exactly what | ||
| information leaked and to whom. A retrospective will take place after the leak | ||
| so we can assess how to not make this mistake in the future. | ||
|
|
||
| Violation of this policy will result in the immediate removal and subsequent | ||
| replacement of you from this list or the Security Contacts. | ||
|
|
||
| ## Disclosure Timeline | ||
|
|
||
| This project sustains a **disclosure timeline** to ensure we provide a | ||
| quality, tested release. On some occasions, we may need to extend this timeline | ||
| due to complexity of the problem, lack of expertise available, or other reasons. | ||
| Submitters will be notified if an extension occurs. |