# Schedule for tracking Flatcar security issues

This table gives a rough schedule of who is in charge of regularly tracking security issues for Flatcar, especially issues from upstream projects such as Gentoo Linux.

| Week of | Primary | Secondary |
| ---------- | -------- | --------- |
| ~~2022-05-02~~ | ~~Dongsu~~ | ~~Sayan~~ |
| ~~2022-05-09~~ | ~~Sayan~~ | ~~Kai~~ |
| ~~2022-05-16~~ | ~~Dongsu~~ | ~~Mathieu~~ |
| 2022-05-23 | ~~Sayan~~ | ~~Dongsu~~ |
| 2022-05-30 | ~~Kai~~ | ~~Mathieu~~ |
| 2022-06-06 | ~~Mathieu~~ | ~~Kai~~ |
| 2022-06-13 | Kai | Mathieu |
| 2022-06-20 | Sayan | Dongsu |
| 2022-06-27 | Dongsu | Mathieu |
| 2022-07-04 | Mathieu | Kai |
| 2022-07-11 | Kai | Sayan |
| 2022-07-18 | Sayan | Dongsu |

### What to do

The primary person should do the following:

* Every day, check upstream security trackers such as the following:
  * [Gentoo security vulnerabilities](https://bugs.gentoo.org/buglist.cgi?bug_status=__open__&component=Vulnerabilities&list_id=6015515&product=Gentoo%20Security). It might be useful to use `gorss` + RSS feed for this.
  * [oss-security mailing list](https://oss-security.openwall.org/wiki/mailing-lists/oss-security)
  * [Golang announce mailing list](https://groups.google.com/g/golang-announce)
  * [Rust security announcements](https://groups.google.com/g/rustlang-security-announcements)
  * (optional) [Red Hat vulnerabilities](https://bugzilla.redhat.com/buglist.cgi?component=vulnerability&product=Security%20Response&resolution=---)
* If we see any new CVE, add it to the [CVE spreadsheets](https://docs.google.com/spreadsheets/d/1gAn7JyASTCydfC2ZllUx4qpS2hMTd5TWVykq6AVAf-c/edit#gid=0) (still private), and click the link (above left) to generate new issues. We should then see a new issue created in [Kinvolk security GitHub issues](https://github.com/kinvolk/security/issues) (still private).
* If the package affected by the new CVE already has an open issue in [Kinvolk security GitHub issues](https://github.com/kinvolk/security/issues), then unfortunately we need to manually edit the existing issue to add the new CVE.