We understand that users place trust in the software and services that Kinvolk makes and distributes. This is critical infrastructure for communities and companies. This is a responsibility that we take seriously and is our top priority.
For issues under an embargo, Kinvolk does not issue a disclosure until an investigation is complete and the agreed date has been reached.
Reporting found issues or concerns in kinvolk software or services, please email [email protected].
When reporting an issue, please include:
- versions of tools and components involved
- reproducer or proof-of-concept
- relevant output
Flatcar Container Linux
Flatcar Container Linux images are available for download, signed by the GPG key described in flatcar-linux.org/security.
Flatcar Container Linux public update key is available in its repository.
On a Flatcar server, this key is available on the read only dm-verity mounted
/usr partition at:
Releases of Lokomotive are signed by keys prescribed in its keys document.