On Mon, Feb 18, 2019 at 03:10:00PM +0100, Levente Polyak via arch-devops <arch-devops@lists.archlinux.org> wrote:
However, the primary advantage we wanted to have solved on top are managed/subscribed reporting to CERT.
Sorry, I didn't know that. This is indeed a pretty good reason and I'm much more inclined to agree that deploying this might be a good idea. If someone wants to work on this (i.e. create ansible roles), I won't oppose. Some question came to mind though: Do we actually need encryption there? Do they send important/zero-day/private issues or do they just send some form of advisory about already public problems? Or do they require a GPG key before they add you to their contact list? Also, could you give a rough estimate of how many mails per day/month/year we are talking about and how many different senders are involved? Florian