[arch-devops] security at archlinux.org address

Florian Pritz bluewind at xinu.at
Mon Feb 18 20:23:22 UTC 2019

On Mon, Feb 18, 2019 at 03:10:00PM +0100, Levente Polyak via arch-devops <arch-devops at lists.archlinux.org> wrote:
> However, the primary advantage we wanted to have solved on top are
> managed/subscribed reporting to CERT.

Sorry, I didn't know that. This is indeed a pretty good reason and I'm
much more inclined to agree that deploying this might be a good idea. If
someone wants to work on this (i.e. create ansible roles), I won't oppose.

Some question came to mind though: Do we actually need encryption there?
Do they send important/zero-day/private issues or do they just send some
form of advisory about already public problems? Or do they require a GPG
key before they add you to their contact list?

Also, could you give a rough estimate of how many mails per day/month/year
we are talking about and how many different senders are involved?

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <https://lists.archlinux.org/pipermail/arch-devops/attachments/20190218/ff4a1854/attachment-0001.sig>

More information about the arch-devops mailing list