Track security issues for the translation platform

Originally created by @drebs on #17378 (Redmine)

The translation platform currently runs software that doesn’t come from Debian (Weblate + dependencies), and we currently have no way to track security issues for them.

Some ideas to deal with this are:

  • Develop a way to automatically get notified and maintain and enforce a workflow to manually upgrade when needed.
  • Invest time into packaging more Weblate dependencies and trust package maintainers to do a good job.
  • Create a script that fetches release versions from GitHub and checks for patch releases for the currently running version (i.e. filter on the running major.minor and check whether newer versions are available).
  • Use an online API to check for CVEs for Weblate (example: https://www.circl.lu/services/cve-search).
  • Other possibilities?
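An added example of the version-check script idea (not code from the issue, from Tails or from Weblate): it assumes GitHub's public tags API and Weblate-style tag names, and it runs offline on a constructed tag list. It goes slightly beyond the bullet by also reporting newer minor/major release lines, not only same-major.minor patches.

```python
import json
import re
from urllib.request import Request, urlopen

# Accepts Weblate-style tags ("weblate-4.1.1", "weblate-4.2") and plain "v4.1.1" / "4.1.1".
# Pre-releases such as "weblate-4.2rc1" do not match and are deliberately skipped.
TAG_RE = re.compile(r"^(?:weblate-)?v?(\d+)\.(\d+)(?:\.(\d+))?$")


def parse_version(tag):
    """Return (major, minor, patch) for a release tag, or None if it is not a final release."""
    m = TAG_RE.match(tag)
    if not m:
        return None
    major, minor, patch = m.groups()
    return int(major), int(minor), int(patch or 0)  # "4.2" is treated as 4.2.0


def classify_updates(running, tags):
    """Split tags newer than `running` into same-major.minor patch releases and newer lines."""
    current = parse_version(running)
    if current is None:
        raise ValueError(f"cannot parse running version {running!r}")
    patches, newer_lines = [], []
    for tag in tags:
        v = parse_version(tag)
        if v is None or v <= current:
            continue  # unparsable, pre-release, equal or older: nothing to report
        (patches if v[:2] == current[:2] else newer_lines).append((v, tag))
    return {"patches": [t for _, t in sorted(patches)],
            "newer_lines": [t for _, t in sorted(newer_lines)]}


def fetch_github_tags(repo, token=None):
    """Fetch tag names from the public GitHub API (network call; not used by the offline demo)."""
    req = Request(f"https://api.github.com/repos/{repo}/tags?per_page=100",
                  headers={"Accept": "application/vnd.github+json"})
    if token:
        req.add_header("Authorization", f"Bearer {token}")
    with urlopen(req, timeout=30) as resp:
        return [t["name"] for t in json.load(resp)]


# Constructed sample tag list standing in for the API response; not real Weblate release data.
SAMPLE_TAGS = ["weblate-4.1", "weblate-4.1.1", "weblate-4.1.2", "weblate-4.1.2rc1",
               "weblate-4.2", "weblate-4.2.1", "weblate-5.0", "v4.0.3"]

if __name__ == "__main__":
    print(classify_updates("4.1.1", SAMPLE_TAGS))
```

For the live check, replace `SAMPLE_TAGS` with `fetch_github_tags("WeblateOrg/weblate")` and feed the result to the notification step; a non-empty `patches` list is the case that should reach the admins list.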

Constraints

  • Notifications should be sent to the Translation Platform admins list.
  • No special per-admin steps should be needed (e.g. setting up local e-mail filters).

Sources of important security info

Proposed steps

  • Set up a way to receive RSS notifications in administrative e-mail.
  • Subscribe the above sources to send e-mail to the Translation Platform admins list.
  • Implement a case-insensitive post-processing security filter for rss2email subscriptions.
  • Subscribe to release updates for all Python dependencies installed from upstream repositories.
Edited by Zen Fu