We understand that users place trust in the software and services that Kinvolk makes and distributes. This is critical infrastructure for communities and companies. We take this responsibility seriously, and it is our top priority.
Disclosure
For issues under an embargo, Kinvolk does not issue a disclosure until an investigation is complete and the agreed date has been reached.
There is a private [email protected] list to receive actionable advisory information related to Kinvolk software or services.
Please contact [email protected] for information on subscribing there.
Reporting
To report issues or concerns found in Kinvolk software or services, please email [email protected].
When reporting an issue, please include:
- versions of tools and components involved
- reproducer or proof-of-concept
- relevant output
Flatcar Container Linux
Signing key
Flatcar Container Linux images are available for download, signed by the GPG key described in flatcar-linux.org/security.
Update Key
The Flatcar Container Linux public update key is available in its repository.
On a Flatcar server, this key is available on the read-only, dm-verity mounted /usr partition at:
/usr/share/update_engine/update-payload-key.pub.pem