-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hello Karol, The "procedure" section of [1] says that. However, it only pertains ACMT members. I think any other user could do the same. [1] https://wiki.archlinux.org/index.php/Arch_CVE_Monitoring_Team Regards, Noel Kuntze GPG Key id: 0x63EC6658 Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658 Am 28.06.2014 18:23, schrieb Karol Blazewicz:
Should I open a bug report saying that e.g. some Arch package has certain vulnerability, mark the report as critical and wait for someone to set it as private? How do we deal with such sensitive information?
I've looked in the wiki, but neither https://wiki.archlinux.org/index.php/Arch_CVE_Monitoring_Team nor https://wiki.archlinux.org/index.php/CVE-2014 has any info on this.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v2 Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJTru48AAoJEDg5KY9j7GZYoE4P/2wtxFqIDkE0nm5y1saORThy A7eI91nrMhZ4hOlUNc3oa0FHdgocxP3zNnIj/iMpxwNOoFt3FLBfKwWsLzNBJFEE Lwrg8dwIW+QaGZ9PXVZTHc7J+cmbDqyQzFDsB8q7lmJu+2z9DeChePjh9gZhwelb n16sbUccK84EWxQpD7Gml+1skraimm8nu7ibGy6xL6y96Wwufyp26kIGxZbRxX0q m4bLdtG3++HcsrgTZHwPNjKvT8MiVDlyReLWdRbIzLpWCoBIVFU6uL7PK1wVYYqX 4s1yvkf57h4Dy715vq4qxbgEd5hmuPE06EjB1A+2Jv64e+O4ijca1xlXdebr1BFP W7WA01jgICbMW4qcP1e2zlXqDwYKFJn/sodgIPO0nc28oetco1CXdXHMd/yVKFfR Aj7a6DQfudO8XWNgiuXRHahrlTEEbCNBREP2OTqO5sQE4hftwBPlE7XcDfTu/8NG IVPfJ6GIhaflJrPP+nMsm3FPQjQ+L3eK4hANEurzUwH4FXZkoA8OwGDEuv4jXZF1 PLzvMNmwthCdj+6D8jSjoJ2Pg44SXp1if+cwTIrBlMLIpGGUcoP9RmUSRPpdlD/o geifBrjtkfWqNwZiGzL8uKny8co0g5VC0Rle8wj/ngCOruzud7k3qzL8BiRn1mFB yuxOjnh1TbrHQSOg2IFy =wNiw -----END PGP SIGNATURE-----