-
Notifications
You must be signed in to change notification settings - Fork 823
/
groups.yaml
136 lines (124 loc) · 4.42 KB
/
groups.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
# This file has the list of groups in kubernetes.io gsuite org that we use for
# granting permissions to various community resources. Please ensure that the
# group is prefixed with "k8s-infra" to avoid polluting the other existing gsuite
# mailing lists.
groups:
#
# Mailing lists
#
# Each group here represents a mailing list for the SIG or its subprojects,
# and is not intended to govern access to infrastructure
#
- email-id: distributors-announce@kubernetes.io
name: distributors-announce
description: |-
Private vulnerability pre-announcement list for Kubernetes distributors.
https://git.k8s.io/committee-security-response/private-distributors-list.md
settings:
ReconcileMembers: "true"
AllowWebPosting: "true"
MessageModerationLevel: "MODERATE_ALL_MESSAGES"
WhoCanViewGroup: "ALL_MANAGERS_CAN_VIEW"
WhoCanDiscoverGroup: "ALL_MEMBERS_CAN_DISCOVER"
owners:
- cjcullen@google.com
- cjingram@google.com
- i@monis.app
- joelsmith@redhat.com
- mhausler@amazon.com
- rita.z.zhang@gmail.com
- srajakum@amazon.com
- tabitha.c.sable@gmail.com
members:
# Distributors
- argoprod@us.ibm.com
- aws-k8s-embargo-notification@amazon.com
- k8s-security@suse.de
- k8s_security_grp@oracle.com
- kops-security-response@googlegroups.com
- kubernetes-security-disclosure@google.com
- kubernetes-security-team@ml.ovh.net
- kubernetes-security@cisco.com
- kubernetes-security@docker.com
- kubernetes-security@huawei.com
- kubernetes-security@service.aliyun.com
- kube-security@microsoft.com
- kubernetes-security@weave.works
- mke-security@mesosphere.com
- release-managers-private@kubernetes.io
- secalert@redhat.com
- secure@sap.com
- security@digitalocean.com
- security@giantswarm.io
- security@gravitational.com
- security@kinvolk.io
- security@loodse.com
- security@platform9.com
- security-rancher@suse.com
- security@ubuntu.com
- VMware.psirt@broadcom.com
- vulnerabilityreports@cloudfoundry.org
- email-id: security@kubernetes.io
name: security
description: |-
Private security disclosure alias.
See https://kubernetes.io/docs/reference/issues-security/security/
settings:
WhoCanPostMessage: "ANYONE_CAN_POST"
ReconcileMembers: "true"
owners:
- cjcullen@google.com
- cjingram@google.com
- i@monis.app
- joelsmith@redhat.com
- mhausler@amazon.com
- rita.z.zhang@gmail.com
- srajakum@amazon.com
- tabitha.c.sable@gmail.com
- email-id: security-discuss-private@kubernetes.io
name: security-discuss-private
description: |-
Private discussion forum for SRC members.
https://github.com/kubernetes/security#security-response-committee-psc
settings:
WhoCanPostMessage: "ANYONE_CAN_POST"
ReconcileMembers: "true"
owners:
- cjcullen@google.com
- cjingram@google.com
- i@monis.app
- joelsmith@redhat.com
- mhausler@amazon.com
- rita.z.zhang@gmail.com
- srajakum@amazon.com
- tabitha.c.sable@gmail.com
#
# k8s-staging write access for SIG-owned subprojects
#
# Each group here represents privileged access to a staging project,
# allowing the members to directly write to GCS and GCR within the
# project, as well as trigger Cloud Build within the project. Ideally
# this level access is used solely for troubleshooting purposes.
#
# Membership should correspond roughly to subproject owners for the set of
# subproject artifacts being stored in a given staging project
#
#
# k8s-infra owners for sig-owned subprojects
#
# Each group here represents highly privileged access to kubernetes project
# infrastructure owned or managed by this SIG. A high level of trust is
# required for membership in these groups.
#
- email-id: k8s-infra-artifact-security@kubernetes.io
name: k8s-infra-artifact-security
description: |-
ACL for artifact security, including things like vulnerability scans
settings:
ReconcileMembers: "true"
members:
- security@kubernetes.io
# RBAC groups:
# - grant access to the `namespace-user` role for a single namespace on the `aaa` cluster
# - must have WhoCanViewMemberShip: "ALL_MEMBERS_CAN_VIEW"
# - must be members of gke-security-groups@kubernetes.io