[arch-devops] security at archlinux.org address

Eli Schwartz eschwartz at archlinux.org
Mon Feb 18 18:21:09 UTC 2019 

On 2/18/19 1:08 PM, Daniel M. Capella via arch-devops wrote:
> On February 18, 2019 4:57:16 AM EST, Morten Linderud via arch-devops <arch-devops at lists.archlinux.org> wrote:
>> On Mon, Feb 18, 2019 at 04:48:57AM -0500, Daniel M. Capella via
>> arch-devops wrote:
>>> https://securitytxt.org/
>>
>> It would be a bit benefitial if you made an argument instead of posting
>> a link.
> 
> Learned about it after a check for that file was added to twa[]. Shared as it was relevant.

You shared a contextless link without explaining why it is relevant.

Actually, you're still asserting that it is relevant without explaining
why it is relevant -- this is particularly intriguing given that it
seems other people are counter-asserting that it is not relevant.

>> https://news.ycombinator.com/item?id=19152145
> 
> As we're requiring encrypted communications (IIUC), it looks like that's been a fairly effective barrier.

Do we require encrypted communications? Or was that simply recommended
to other people being brought as comparisons?

Either way -- filtering the emails for encrypted communications is still
a nonzero task. Why engage in additional efforts to support this
security.txt thing, when assertations have been made that it is not
beneficial at all, and furthermore, the *location* where the list of
security contacts is stored is entirely offtopic in this discussion
about unifying the actual contacts to list, as a method of preventing
leakage and other confusion when members are added and removed from that
list, and/or the potential for people with outdated information to
encrypt data to a recipient that is no longer supposed to have access to
such information.

-- 
Eli Schwartz
Bug Wrangler and Trusted User

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1597 bytes
Desc: OpenPGP digital signature
URL: <https://lists.archlinux.org/pipermail/arch-devops/attachments/20190218/33bfce9b/attachment.sig>

More information about the arch-devops mailing list