From 599440ce7294dcfcdf2b270b417599376da3454f Mon Sep 17 00:00:00 2001 From: Julius von Kohout <45896133+juliusvonkohout@users.noreply.github.com> Date: Sun, 17 Dec 2023 18:28:37 +0100 Subject: [PATCH] Update 20220926-contrib-component-guidelines.md --- proposals/20220926-contrib-component-guidelines.md | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/proposals/20220926-contrib-component-guidelines.md b/proposals/20220926-contrib-component-guidelines.md index 4b2ed420a7..d8a9a98a84 100644 --- a/proposals/20220926-contrib-component-guidelines.md +++ b/proposals/20220926-contrib-component-guidelines.md @@ -46,10 +46,12 @@ These are the requirements for all components under `/contrib`: CustomResource and waiting for it to become Ready * The maintainers will need to work with the leads of Manifests WG to ensure there's some basic automation in place that will be running the above script(s) -6. All pods must run according to the offical Kubernetes +6. All pods must run with the [baseline PSS set](https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline) +7. [stretch goal] All pods must run according to the offical Kubernetes [podsecuritystandards restricted set](https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted). - This means explicitly no root containers and dropping all capabilities in your pods - securitycontexts. + This means explicitly no root containers and dropping all capabilities in your pods securitycontexts. +8. [stretch goal] Running with Istio sidecars +9. [stretch goal] Namespace isolation At this point we don't want to provide too much of a strict structure for the README. Developers are free to expose any other information in the README that
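Review bot: In the renumbered items 6 and 7, the mandatory requirement drops from the restricted Pod Security Standard to baseline and restricted becomes a "[stretch goal]", but neither the new text nor the commit message ("Update 20220926-contrib-component-guidelines.md") gives the reason or says how compliance is checked. Baseline does not require running as non-root or dropping all capabilities, so the sentence "This means explicitly no root containers and dropping all capabilities" now applies only to the stretch goal. Consider stating in item 6 what baseline demands of a contrib component and how it is verified, for example by enforcing it on the component's namespace with the `pod-security.kubernetes.io/enforce: baseline` label. Items 8 and 9 ("Running with Istio sidecars", "Namespace isolation") are fragments with no link or acceptance criterion, unlike items 6 and 7; say what must hold for each so a maintainer can test it. The added line for item 7 also carries over the typo "offical", and "podsecuritystandards" and "securitycontexts" would read better as "Pod Security Standards" and "securityContexts".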