Security Email List Signup

We need to make sure people are signing up for the correct newsletter or security release lists.

Propose the following:

• Monday - Add a "Sign up for security notifications" under the Security section that makes it clear the user is signing up for security updates. https://about.gitlab.com/contact/

• Now - Change verbiage on the contact us page under newsletter that makes it clear user is only signing up for twice-monthly newsletter. https://about.gitlab.com/contact/

• Ongoing - In every security blog, at the bottom point users to how they can signup for security updates on the contact us page.

• Monday - Tweet "sign up for security alerts" periodically pointing to the contact us page - https://about.gitlab.com/contact/

• Now - Update the verbiage on the blog to say they are signing up for twice-monthly newsletter - https://about.gitlab.com/blog/

• Next newsletter - Include "signup for security alerts" in one of the upcoming newsletters.

• Monday - Email the 1500 person list (not the 800 person one we've already emailed] the security release from last week as the second signup box on the website wasn't clear it was for newsletter only.

• Mid-week - Email the 1500 + 900 person list that we aren't emailing every blog post out and moving to only send security updates to the list that has registered for those plus the twice monthly blog post. Our blog post frequency is about to increase quite a bit. Note: If we wanted to make the RSS style email alert every time a blog post is sent for this 2400 person list, we could spend some engineering/marketing time to migrate to this http://launchpoint.marketo.com/perkuto/1248-digesto-rss-to-email-for-marketo/#solution-description

data points:

https://about.gitlab.com/2015/11/25/gitlab-8-dot-2-1-security-release/#comment-2382789217

https://twitter.com/TDBishop/status/669678181708922884

cc @rspeicher for help updating the blog text + adding form to the contact us page.

As mentioned in the Disqus thread, I didn't receive an email for the blog post that notified about the 8.2.1 release. Hence I can only assume there is a problem with emails being sent for blog posts. This should probably be looked at first because a number of people like me rely on that blog for updates about new releases, security notifications etc.

Might then be worth writing a blog post about the new email setup and where to signup if a new security email list is going to be created.

I'm still somewhat amazed that signup is being done by hand...

I'm still somewhat amazed that signup is being done by hand...

It's not, normally. I think any manual signups are only happening while we transition between mailing list managers.

@myitcv Hey Paul - They aren't being done by hand. I wanted to check and see why you weren't receiving the security email as we had migrated all the lists from Mailchimp into Marketo so by looking at your email, we could see which list we could have missed.

After looking into it, you weren't on any of the lists with the email you mailed us from. I'm only seeing this email as being added today via the form on the blog, which signs you up for security updates and newsletters (being updated via rules above).

Is there any other email address you could have signed up with? If not, do you remember approximately when you signed up and where so I can further look into any older email systems to make sure we didn't miss anything?

@myitcv looked into the lists further - I can't find your email in either the new system or the old before today when you submitted the form. Let me know if it is under a different email address. Otherwise, I'll start working internally to see if there is some other system that somehow pre-dates MailChimp.

They aren't being done by hand

In which case, my apologies: I had understood this from our various exchanges.

I will revert back on our private email thread with another address that I might have used to subscribe.

However I think one important issue remains (irrespective of the new security mailing list); I'm not receiving emails for blog posts. Is this meant to be working still?

@hanktaylor I updated the wording on the contact page and blog post to indicated those two signups are only for the twice-monthly newsletter. I'm out sick tomorrow (On day 4 of the flu so hopefully back Tuesday) so please work with @rspeicher to get the form for security updates added to the contact us page.

@nearlythere once that form is live, can you tweet and add a link from the most recent security blog post?

Updating the list above.

@AshleyS great idea to do a 'security advisories' email list (I think we should copy that name from https://www.drupal.org/security).

@hanktaylor Have you created the Marketo form to receive these security signups? Once that's done it should be easy to add it to the contact page, similar to how the Newsletter signup form is there now.

@rspeicher Here's the embed code for the security signup:

<script src="//app-ab13.marketo.com/js/forms2/js/forms2.min.js"></script>
<form id="mktoForm_1102"></form>
<script>MktoForms2.loadForm("//app-ab13.marketo.com", "194-VVC-221", 1102);</script>

It's just a one-field form, very simple.

@skyruler @creamzy Can either of you create a simple icon we can use on the contact page for security alerts? about.gitlab.com/contact

I will add a new block to Contact page for "Security Alerts" signup form.

Done, see below.

!1179 (merged)

@nearlythere can you schedule a few tweets over the next few weeks/months about security update?

Status changed to closed