From a355197476a2c533637afef15fab0349bc66b83a Mon Sep 17 00:00:00 2001 From: Elana Hashman Date: Thu, 23 Dec 2021 11:37:20 -0800 Subject: [PATCH 1/3] Rehome KEP-1753 for deprecation SIG Instrumentation is leading the deprecation of this feature as we own some of the code. We started it, we'll finish it :) --- .../1753-logs-sanitization/README.md | 0 .../1753-logs-sanitization/kep.yaml | 4 ++-- 2 files changed, 2 insertions(+), 2 deletions(-) rename keps/{sig-security => sig-instrumentation}/1753-logs-sanitization/README.md (100%) rename keps/{sig-security => sig-instrumentation}/1753-logs-sanitization/kep.yaml (88%) diff --git a/keps/sig-security/1753-logs-sanitization/README.md b/keps/sig-instrumentation/1753-logs-sanitization/README.md similarity index 100% rename from keps/sig-security/1753-logs-sanitization/README.md rename to keps/sig-instrumentation/1753-logs-sanitization/README.md diff --git a/keps/sig-security/1753-logs-sanitization/kep.yaml b/keps/sig-instrumentation/1753-logs-sanitization/kep.yaml similarity index 88% rename from keps/sig-security/1753-logs-sanitization/kep.yaml rename to keps/sig-instrumentation/1753-logs-sanitization/kep.yaml index 3f7134bcc47..fb30b05c7fe 100644 --- a/keps/sig-security/1753-logs-sanitization/kep.yaml +++ b/keps/sig-instrumentation/1753-logs-sanitization/kep.yaml @@ -4,9 +4,9 @@ authors: - "@44past4" - "@immutableT" - "@PurelyApplied" -owning-sig: sig-security +owning-sig: sig-instrumentation participating-sigs: - - sig-instrumentation + - sig-security status: implementable creation-date: 2020-05-07 last-updated: 2020-10-14 From a0b17554a6724d446ba376dc2d676f7b29c7cde5 Mon Sep 17 00:00:00 2001 From: Elana Hashman Date: Thu, 23 Dec 2021 11:55:24 -0800 Subject: [PATCH 2/3] Update KEP-1753 metadata for deprecation --- .../1753-logs-sanitization/kep.yaml | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) 
diff --git a/keps/sig-instrumentation/1753-logs-sanitization/kep.yaml b/keps/sig-instrumentation/1753-logs-sanitization/kep.yaml index fb30b05c7fe..46ed4020ca1 100644 --- a/keps/sig-instrumentation/1753-logs-sanitization/kep.yaml +++ b/keps/sig-instrumentation/1753-logs-sanitization/kep.yaml @@ -7,11 +7,14 @@ authors: owning-sig: sig-instrumentation participating-sigs: - sig-security -status: implementable +status: implemented (alpha) creation-date: 2020-05-07 -last-updated: 2020-10-14 -stage: alpha -latest-milestone: "1.19" +stage: alpha (deprecated) +latest-milestone: "1.24" +milestone: + alpha: "v1.19" + deprecated: "v1.24" + removed: "v1.24" reviewers: - "@ehashman" approvers: From 1ab8725d07b9c4a9bb00cb27bc46f0b57cc91a32 Mon Sep 17 00:00:00 2001 From: Elana Hashman Date: Thu, 23 Dec 2021 11:59:39 -0800 Subject: [PATCH 3/3] Update KEP-1753 with deprecation notice --- .../1753-logs-sanitization/README.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/keps/sig-instrumentation/1753-logs-sanitization/README.md b/keps/sig-instrumentation/1753-logs-sanitization/README.md index 7e8ab6ba207..9039352eab0 100644 --- a/keps/sig-instrumentation/1753-logs-sanitization/README.md +++ b/keps/sig-instrumentation/1753-logs-sanitization/README.md @@ -7,6 +7,7 @@ - [Goals](#goals) - [Non-Goals](#non-goals) - [Proposal](#proposal) + - [Deprecation](#deprecation) - [Risks and Mitigations](#risks-and-mitigations) - [Performance overhead](#performance-overhead) - [Design Details](#design-details) 
@@ -105,6 +106,16 @@ We also propose to implement a small library which could use the above informati Finally we propose to integrate this library with the klog logging library used by Kubernetes in a way that when enabled the log entries which contain information marked as sensitive will be redacted from the logs. +### Deprecation + +Dynamic log sanitization was added as an experimental alpha feature under SIG Instrumentation in the 1.20 release. When it was introduced, the SIG had some reservations about the feature and its performance, but concluded that an alpha POC would be low risk. We encouraged exploring alternatives, and that eventually resulted in the implementation of static analysis as part of our presubmit CI to ensure secrets are not being logged. This alternative implementation has graduated to stable in the 1.23 cycle. + +During SIG Instrumentation's Dec. 9 meeting, we discussed the support burden of this feature and the issues this may cause in blocking other new logging improvements. Hence, we would like to deprecate the feature in the 1.24 cycle. Since this is an alpha feature, this means it will be entirely removed. + +Note that [data policy tags](#source-code-tags) will not be deprecated or removed, as they are currently in use by [KEP-1933] and may be used by other automated tools in the future. + +[KEP-1933]: /keps/sig-security/1933-secret-logging-static-analysis/README.md + ### Risks and Mitigations #### Performance overhead @@ -231,6 +242,7 @@ To address them we propose: * 2020-05-08 - Original Proposal * 2020-08-07 - Merged as provisional +* 2021-12-23 - Marked for deprecation ## Drawbacks
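Review bot: In [PATCH 1/3], the rename from keps/sig-security/1753-logs-sanitization to keps/sig-instrumentation/1753-logs-sanitization changes only README.md and kep.yaml (2 files changed), so nothing in this series updates references elsewhere in the repository that point at the old path. Search for the old directory name and fix any inbound links in the same commit, or state in the commit message that there are none.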
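Review bot: In the [PATCH 2/3] kep.yaml hunk, `status: implemented (alpha)` and `stage: alpha (deprecated)` replace the single-token values `implementable` and `alpha` with free text, which will break any metadata validation that expects one of a fixed set of values. The new `milestone` block already records `deprecated: "v1.24"` and `removed: "v1.24"`, so consider keeping `stage: alpha` and a plain status value and letting the milestone keys carry the deprecation. Two smaller points in the same hunk: `latest-milestone: "1.24"` has no "v" prefix while the three `milestone` values do, and `last-updated` is dropped rather than set to the date of this change.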
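Review bot: In the new Deprecation section of README.md ([PATCH 3/3], hunk at -105), the first sentence says the feature was added "in the 1.20 release", but [PATCH 2/3] records `alpha: "v1.19"` in kep.yaml; one of the two needs correcting so the README and the metadata agree. "Dec. 9 meeting" also has no year, which will be ambiguous to later readers; a full date would match the ISO dates used in the implementation history.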
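Review bot: In the implementation-history hunk of README.md ([PATCH 3/3], hunk at -231), the list goes from "2020-08-07 - Merged as provisional" straight to "2021-12-23 - Marked for deprecation", with no entry for the alpha implementation that the Deprecation section and the kep.yaml `milestone.alpha` key both refer to. Add an entry for the alpha release so the history shows what is being deprecated.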