Create OpenJS CNA Mailing List

openjs-foundation / security-collab-space

a repository for documenting and coordinating the foundation's security collaboration space

Apache License 2.0

24 stars 8 forks source link

Create OpenJS CNA Mailing List #237

Open ruddermann opened 1 month ago

ruddermann commented 1 month ago

On the OpenJS CNA Application we need to provide two separate email addresses with mailing lists. The recommendation for these to are:

Public Point of Contact: security@openjsf.org
CNA Mailing List Contact: cna@openjsf.org

bensternthal commented 1 month ago

@ruddermann Should these lists be private?

bensternthal commented 2 weeks ago

@ruddermann ping

ljharb commented 2 weeks ago

@bensternthal like, should membership be private? or emails sent to the list?

bensternthal commented 2 weeks ago

@ljharb

Public = anyone can view messages on the web
Private = limited to those subscribed to the list

We can also control posting permissions, those options are:

Moderated Discussions: New members cannot post to the list without their emails being approved by a moderator. For new lists, this uses a Groups.io setting that will only moderate users for their first 3 posts.
Open Discussion: New members can immediately post to the list.
Announcement: Only moderators can post to the list

ljharb commented 2 weeks ago

I would assume, then, that it must be private, since security reports may come in via that mechanism. For posting permissions, probably open discussion until there's an issue, at which point we'd lock it down to moderated?