The kubernetes-announce mailing list is mostly used for release
announcements whereas a dedicated kubernetes-security-announcement list
exists for security related topics.
Signed-off-by: Sascha Grunert <sgrunert@suse.com>
We don't need to be the dispatch for all vulns, now that other projects are starting to have their own processes. But we don't want to discourage reports about stuff that isn't directly in k/k either.
Saying that we usually disclose vuln reports in 7 days is just not true. But, I think it's still good to aim for 7 days when we aren't blocked on and coordinating release of patches.
Sascha Grunert
Maya Kaczorowski
CJ Cullen
Zach Arnold
Jordan Liggitt
Joel Smith
Shivam Khandelwal
Brandon Philips
makocchi
Jennifer Rondeau