We're asking the following questions to evaluate whether or not OCPBUGS-17391 warrants changing update recommendations from either the previous X.Y or X.Y.Z. The ultimate goal is to avoid recommending an update which introduces new risk or reduces cluster functionality in any way. In the absence of a declared update risk (the status quo), there is some risk that the existing fleet updates into the at-risk releases. Depending on the bug and estimated risk, leaving the update risk undeclared may be acceptable.

Sample answers are provided to give more context and the ImpactStatementRequested label has been added to OCPBUGS-17391. When responding, please move this ticket to Code Review. The expectation is that the assignee answers these questions.

Which 4.y.z to 4.y'.z' updates increase vulnerability?

Updates out of 4.13.9 and later (where 4.13.9+'s CRI-O has new stopping logic, OCPBUGS-15868, OCPBUGS-17150), until updating into releases with the
fix (where the incoming network operator will work smoothly with the new CRI-O as the ovnkube-master DaemonSet updates).
So 4.13.8 -> 4.13.9 wouldn't be vulnerable (outgoing CRI-O predates the stopping pivot). 4.13.9 -> 4.13.10 would be vulnerable (outgoing CRI-O has the
pivot, incoming network operator has not been patched). 4.13.9 -> 4.13.fixed would not be vulnerable (incoming network operator has been patched).

But this regression source is speculative, and has not been confirmed by extensive testing.

Which types of clusters?

OVN, because SDN doesn't use `ovn-ctl` stop hooks.

What is the impact? Is it serious enough to warrant removing update recommendations?

The update can take an additional ~3m per control-plane node to update the ovnkube-master DaemonSet. No functional impact other than the time that
rollout takes; the cluster will be completely healthy and workloads will not be impacted.

How involved is remediation?

Because of the limited impact, remediation has not been investigated.

Is this a regression?

It is assumed so, in 4.13.9. But we have not confirmed that through testing, because of the limited impact.