From f18f609bcda29095cad8a0e5f2bbd44b92e83ed9 Mon Sep 17 00:00:00 2001
From: Gyuho Lee <leegyuho@amazon.com>
Date: Tue, 23 Mar 2021 11:16:38 -0700
Subject: [PATCH] security: add private distributor list, and its application
 template

Signed-off-by: Gyuho Lee <leegyuho@amazon.com>
---
 .../distributors-application.md               | 28 +++++++++++++++++++
 security/README.md                            | 10 +++++++
 security/security-release-process.md          |  4 +++
 3 files changed, 42 insertions(+)
 create mode 100644 .github/ISSUE_TEMPLATE/distributors-application.md

diff --git a/.github/ISSUE_TEMPLATE/distributors-application.md b/.github/ISSUE_TEMPLATE/distributors-application.md
new file mode 100644
index 000000000..c660ec20c
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/distributors-application.md
@@ -0,0 +1,28 @@
+---
+name: Distributors Application
+title: Distributors Application for <YOUR DISTRIBUTION HERE>
+about: Apply for membership of security@etcd.io
+---
+
+<!--
+Please answer the following questions and provide supporting evidence for
+meeting the membership criteria.
+-->
+
+**Actively monitored security email alias for our project:**
+
+**1. Have a user base not limited to your own organization.**
+
+**2. Have a publicly verifiable track record up to present day of fixing security issues.**
+
+**3. Not be a downstream or rebuild of another distribution.**
+
+**4. Be a participant and active contributor in the community.**
+
+**5. Accept the Embargo Policy.**
+<!-- https://github.com/etcd-io/etcd/blob/master/security/security-release-process.md#disclosures -->
+
+**6. Be willing to contribute back.**
+<!-- Per https://github.com/etcd-io/etcd/blob/master/security/security-release-process.md#patch-release-and-public-communication -->
+
+**7. Have someone already on the list vouch for the person requesting membership on behalf of your distribution.**
diff --git a/security/README.md b/security/README.md
index e0335dc34..073069569 100644
--- a/security/README.md
+++ b/security/README.md
@@ -35,3 +35,13 @@ A public disclosure date is negotiated by the etcd Product Security Committee an
 ## Security Audit
 
 A third party security audit was performed by Trail of Bits, find the full report [here](SECURITY_AUDIT.pdf).
+
+## Private Distributor List
+
+This list provides actionable information regarding etcd security to multiple distributors. Members of the list may not use the information for anything other than fixing the issue for respective distribution's users. If you continue to leak information and break the policy outlined here, you will be removed from the list.
+
+### Request to Join
+
+New membership requests are sent to security@etcd.io.
+
+File an issue [here](https://github.com/etcd-io/etcd/issues/new?template=distributors-application.md), filling in the criteria template.
diff --git a/security/security-release-process.md b/security/security-release-process.md
index 297edde44..8b6fc3551 100644
--- a/security/security-release-process.md
+++ b/security/security-release-process.md
@@ -11,7 +11,11 @@ The PSC is responsible for organizing the entire response including internal com
 The initial PSC will consist of volunteers who have been involved in the initial discussion:
 
 - Brandon Philips (**[@philips](https://github.com/philips)**) [4096R/154343260542DF34]
+- Gyuho Lee (**[@gyuho](https://github.com/gyuho)**)
+- Joe Betz (**[@jpbetz](https://github.com/jpbetz)**)
 - Sahdev Zala (**[@spzala](https://github.com/spzala)**)
+- Sam Batschelet (**[@hexfusion](https://github.com/hexfusion)**)
+- Xiang Li (**[@xiang90](https://github.com/xiang90)**)
 
 The PSC members will share various tasks as listed below: