Tommy McCormick

> We may want to mention on this KEP what we want to do about the `PodSecurityPolicy` enforcements around `AppArmor`. We can: 1) do nothing 2) extend enforcements to the...

> I think the remaining issues are things that can be hashed out in the implementation / API reivew, so I'm comfortable approving this KEP. However, we're past enhancements freeze...

Working on some documentation updates in https://github.com/kubernetes/website/pull/37191 - does this block us from approving the KEP? If so I think that and a PRR approval are all we need? cc...

/assign @derekwaynecarr

> Looks like there are still some PRR questions open. > ... > If you have time to address the open debuggability concerns that works too. @tallclair can you point...

> In my experiments with cloud hypervisor I have also been using the TAP/virtio approach over IPv6 link-local. > > Cloud-hypervisor has support for `vhost-net` as well (FC doesn't) so...

> @mccormickt wasnt 100% clear, are you saying this ticket is completed per #506 ? minus the `virio-net` vs `vhost-user-net` nuance? This is mostly completed. TAP devices are managed by...

It would be nice to (eventually) have CRI support to allow for something like an auraed-managed kubelet spawning pods in a nested cell or in a VM (using aurae as...

>If your application doesn't require CORS in a specific environment, it's advisable to disable the CORS middleware entirely for that environment. The browser will automatically send CORS preflight requests when...

> Why isn't it possible to configure AllowCredentials + AllowOrigins("*")? That's just part of the design of CORS. https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CORS/Errors/CORSNotSupportingCredentials > Maybe in the code, we can check if AllowOrigins is...