Private embargoed vulnerability announcement list

Add an embargo-notice@lists.openstack.org mailing list for private advance notification of embargoed security vulnerabilities to downstream stakeholders. Subscribers will be manually added by the OpenStack Vulnerability Management Team, and all posts to this list from non-VMT members will be moderated by the VMT. This is intended as a very low-volume ML for announcements only, and followup replies will be directed to use comments in corresponding private bugs instead of the embargo-notice list. Change-Id: I9a31fd5151e45644c9fb2209b69250b108b04889
2016-06-09 14:08:21 +00:00 · 2016-06-09 14:08:21 +00:00 · 7c18d43632
commit 7c18d43632
parent 30868b0c05
1 changed files with 8 additions and 0 deletions
--- a/modules/openstack_project/manifests/lists.pp
+++ b/modules/openstack_project/manifests/lists.pp
@ -367,4 +367,12 @@ class openstack_project::lists(
    webserver   => $listdomain,
    mailserver  => $listdomain,
  }
+  maillist { 'embargo-notice':
+    ensure      => present,
+    admin       => 'jeremy@openstack.org',
+    password    => $listpassword,
+    description => 'Announcements to stakeholders for embargoed security vulnerabilities.',
+    webserver   => $listdomain,
+    mailserver  => $listdomain,
+  }
 }