security-announcements category

[nathenharvey]

As a Chef Community Member, I wish to receive security related notifications on a dedicated security channel so that these communications can be sent to our security team and/or NOC in addition to our other points of contact.

Categories on Discourse can be configured such that anyone can subscribe and a limited group can publish.

[coderanger]

Thumbs up, maybe in some glorious future we could update the script that syncs from the maintainers.toml to also update the group membership, but for now manual stuffs is probably fine.

My vote would be to give post access to any Chef maintainer just to be safe.

[jjasghar]

This is a great idea. :rocket: :cake: :+1:

My vote would be to give post access to any Chef maintainer just to be safe.

Is also a great idea. Empower the maintainers to inform on issues that may fall through the cracks in their respected areas.

[robbkidd]

:+1: Security. Yes, please.

[miketheman]

:+1: on security announcements category and email address. Post-access should definitely be restricted, and the category topic should guide someone wishing to report a security advisory to the right place, as well as where to go to ask security-related questions.