While working on the migration of CVE feed generation to Cloud Build, we discovered that the CVE feed prow job [reports its errors ](https://github.com/kubernetes/k8s-test-infra/blob/master/config/jobs/kubernetes/sig-k8s-infra/trusted/sig-security-trusted.yaml#L117)to security-tooling-private@kubernetes.io Let's break this apart for separation of duties: * [create a new list](https://github.com/kubernetes/k8s.io/blob/main/groups/sig-security/groups.yaml) * maybe call it cve-feed-maintainers@kubernetes.io ? * Populate it with the SIG leads and the CVE feed maintainers * Update the prow job config to email errors to the new list * create another new list k8s-infra-staging-sig-security@kubernetes.io (this is the hardcoded required name by [the IAC script](https://github.com/kubernetes/k8s.io/blob/main/infra/gcp/bash/ensure-staging-storage.sh) * Populate it with cve-feed-maintainers@kubernetes.io so that it will not require future maintenance
While working on the migration of CVE feed generation to Cloud Build, we discovered that the CVE feed prow job reports its errors to security-tooling-private@kubernetes.io
Let's break this apart for separation of duties: