Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#47935 - create and publish a GPG key for the security@archlinux.org contact
Attached to Project:
Arch Linux
Opened by Jens Adam (byte) - Friday, 29 January 2016, 10:46 GMT
Last edited by Allan McRae (Allan) - Saturday, 20 February 2016, 02:28 GMT
Opened by Jens Adam (byte) - Friday, 29 January 2016, 10:46 GMT
Last edited by Allan McRae (Allan) - Saturday, 20 February 2016, 02:28 GMT
|
DetailsThe recent discussion about the purpose/usage/moderation of the arch-security mailing list reminded me of the security@a.o alias, see https://lists.archlinux.org/pipermail/arch-security/2014-June/000088.html and https://lists.archlinux.org/pipermail/arch-dev-public/2014-March/025952.html
Now if someone really wanted to report an issue which shouldn't appear in public archives or bug trackers, then that address should have a corresponding GPG key -- one that's published on keyservers (with a couple of developer signatures) and a bit of info (with the key fingerprint) somewhere in the wiki or on the Arch homepage. |
This task depends upon
Comment by Doug Newgard (Scimmia) -
Monday, 01 February 2016, 16:35 GMT
When reporting a bug, there's a checkbox on the left for "Private". Is that available to a normal user? If so, that does the job you're asking for.
Comment by Jens Adam (byte) -
Monday, 01 February 2016, 16:52 GMT
Nope, never seen such checkbox for any flyspray projects here.
Comment by Allan McRae (Allan) -
Saturday, 20 February 2016, 02:28 GMT
This is more difficult than it appears... that email address goes to several people. People can contact security@archlinux without providing details and request an email(s) with signing keys to send more information to.