[arch-devops] security at archlinux.org address
eschwartz at archlinux.org
Mon Feb 18 18:21:09 UTC 2019
On 2/18/19 1:08 PM, Daniel M. Capella via arch-devops wrote:
> On February 18, 2019 4:57:16 AM EST, Morten Linderud via arch-devops <arch-devops at lists.archlinux.org> wrote:
>> On Mon, Feb 18, 2019 at 04:48:57AM -0500, Daniel M. Capella via
>> arch-devops wrote:
>> It would be a bit benefitial if you made an argument instead of posting
>> a link.
> Learned about it after a check for that file was added to twa. Shared as it was relevant.
You shared a contextless link without explaining why it is relevant.
Actually, you're still asserting that it is relevant without explaining
why it is relevant -- this is particularly intriguing given that it
seems other people are counter-asserting that it is not relevant.
> As we're requiring encrypted communications (IIUC), it looks like that's been a fairly effective barrier.
Do we require encrypted communications? Or was that simply recommended
to other people being brought as comparisons?
Either way -- filtering the emails for encrypted communications is still
a nonzero task. Why engage in additional efforts to support this
security.txt thing, when assertations have been made that it is not
beneficial at all, and furthermore, the *location* where the list of
security contacts is stored is entirely offtopic in this discussion
about unifying the actual contacts to list, as a method of preventing
leakage and other confusion when members are added and removed from that
list, and/or the potential for people with outdated information to
encrypt data to a recipient that is no longer supposed to have access to
Bug Wrangler and Trusted User
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 1597 bytes
Desc: OpenPGP digital signature
More information about the arch-devops