[arch-security] How to properly report vulnerabilities

Karol Blazewicz karol.blazewicz at gmail.com
Mon Jul 7 16:33:14 EDT 2014

On Sun, Jul 6, 2014 at 6:30 PM, Billy McCann <thebillywayne at gmail.com> wrote:
> Also, recall Alan's instructions.  Do not post private bugs to the ML,
> as the ML itself is open, IIRC.  Use the email that Alan provided.
> ||If you have a private bug to report, then use security at archlinux.org.

I think security at archlinux.org is a ML as well.
I wasn't referring to the arch-security ML, but it wasn't clear from
my e-mail. Sorry about it.

> On Sun, Jul 6, 2014 at 10:52 AM, Billy McCann <thebillywayne at gmail.com> wrote:
>> ||  Should I add a warning to the wiki not to report private bugs to the
>> ||  bug tracker but to the ML?
>> I would encourage you to.  It need not be listed as a"warning."  A
>> special section added to the Procedure section, in my opinion, would
>> be sufficient.

Done: https://wiki.archlinux.org/index.php?title=Arch_CVE_Monitoring_Team&diff=323962&oldid=320604

More information about the arch-security mailing list