kubernetes / committee-security-response

Kubernetes Security Process and Security Committee docs
Apache License 2.0

Create comms template for out-of-scope security@ email reports #159

Closed tabbysable closed 2 years ago

tabbysable commented 2 years ago

Sometimes we get emails to security@ that are not appropriate for that venue: questions about how to harden Kubernetes, public vulns, &c. It would make life easier for us and be a better experience for the requestor if we could close those out quickly and affirmatively. Let's create a comms template for that situation.

It can probably start from the language in the email auto-reply:

If this report is neither a vulnerability report nor a security incident, this is probably not the right list. Consider one of these public options instead:

- kubernetes-security-discuss@googlegroups.com
- open an issue: http://issues.k8s.io/new/choose
- #kubernetes-security slack channel: http://slack.k8s.io/

tabbysable commented 2 years ago

/triage accepted
/lifecycle frozen

enj commented 2 years ago

@tabbysable looks like @cjcullen handled this in #160