[arch-security] How to properly report vulnerabilities
Karol Blazewicz
karol.blazewicz at gmail.com
Mon Jul 7 16:33:14 EDT 2014
On Sun, Jul 6, 2014 at 6:30 PM, Billy McCann <thebillywayne at gmail.com> wrote:
> Also, recall Alan's instructions. Do not post private bugs to the ML,
> as the ML itself is open, IIRC. Use the email that Alan provided.
>
> ||If you have a private bug to report, then use security at archlinux.org.
I think security at archlinux.org is a ML as well.
I wasn't referring to the arch-security ML, but it wasn't clear from
my e-mail. Sorry about it.
> On Sun, Jul 6, 2014 at 10:52 AM, Billy McCann <thebillywayne at gmail.com> wrote:
>> || Should I add a warning to the wiki not to report private bugs to the
>> || bug tracker but to the ML?
>>
>> I would encourage you to. It need not be listed as a"warning." A
>> special section added to the Procedure section, in my opinion, would
>> be sufficient.
Done: https://wiki.archlinux.org/index.php?title=Arch_CVE_Monitoring_Team&diff=323962&oldid=320604
More information about the arch-security
mailing list