We need a way to report security issues

[mattmoor]

I'd recommend that we create something like knative-security that is world reportable, but very tightly readable.

[mchmarny]

@mattmoor is that a knative-security mailing list or project/issue list? Trying to decode the world reportable, but very tightly readable part

[mattmoor]

I think we probably want a distribution list

[mchmarny]

OK, I'll work with Evan on this. Do we need a separate doc knative/docs on this or some additional text to clarify the types of issues one should send in there?

/unassign @mchmarny
/assign @evankanderson

[evankanderson]

I've created https://groups.google.com/forum/#!forum/knative-security and added the following users:

@mchmarny
All current TOC members

I'm willing to add 1-2 representative from other contributing organizations, with the understanding that security issue discussion tends to be on a need-to-know basis until the fix is completed.

[evankanderson]

/reopen

/assign @RichieEscarez

We should figure out where to put knative-security@googlegroups.com in our documentation as a security-issue reporting address. Possibly this should go into an issue template as well. ("If you are in a life-threatening emergency, please hang up and dial 9-1-1...")

[knative-prow-robot]

@evankanderson: Reopening this issue.

In response to this:

/reopen

/assign @RichieEscarez

We should figure out where to put knative-security@googlegroups.com in our documentation as a security-issue reporting address. Possibly this should go into an issue template as well. ("If you are in a life-threatening emergency, please hang up and dial 9-1-1...")

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[RichieEscarez]

sgtm, we'll use that verbatim =). Sam offered to take this on since she's in the process of updating our templates.

We chatted about adding something in our issue template and also moving all our existing troubleshooting info into a standalone file and then linking knative-security@googlegroups.com from there too.