-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hello Karol,
The "procedure" section of [1] says that. However, it only pertains ACMT members. I think any other user could do the same. [1] https://wiki.archlinux.org/index.php/Arch_CVE_Monitoring_Team Regards, Noel Kuntze GPG Key id: 0x63EC6658 Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658 Am 28.06.2014 18:23, schrieb Karol Blazewicz: > Should I open a bug report saying that e.g. some Arch package has > certain vulnerability, mark the report as critical and wait for > someone to set it as private? How do we deal with such sensitive > information? > > I've looked in the wiki, but neither > https://wiki.archlinux.org/index.php/Arch_CVE_Monitoring_Team nor > https://wiki.archlinux.org/index.php/CVE-2014 has any info on this. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJTru48AAoJEDg5KY9j7GZYoE4P/2wtxFqIDkE0nm5y1saORThy A7eI91nrMhZ4hOlUNc3oa0FHdgocxP3zNnIj/iMpxwNOoFt3FLBfKwWsLzNBJFEE Lwrg8dwIW+QaGZ9PXVZTHc7J+cmbDqyQzFDsB8q7lmJu+2z9DeChePjh9gZhwelb n16sbUccK84EWxQpD7Gml+1skraimm8nu7ibGy6xL6y96Wwufyp26kIGxZbRxX0q m4bLdtG3++HcsrgTZHwPNjKvT8MiVDlyReLWdRbIzLpWCoBIVFU6uL7PK1wVYYqX 4s1yvkf57h4Dy715vq4qxbgEd5hmuPE06EjB1A+2Jv64e+O4ijca1xlXdebr1BFP W7WA01jgICbMW4qcP1e2zlXqDwYKFJn/sodgIPO0nc28oetco1CXdXHMd/yVKFfR Aj7a6DQfudO8XWNgiuXRHahrlTEEbCNBREP2OTqO5sQE4hftwBPlE7XcDfTu/8NG IVPfJ6GIhaflJrPP+nMsm3FPQjQ+L3eK4hANEurzUwH4FXZkoA8OwGDEuv4jXZF1 PLzvMNmwthCdj+6D8jSjoJ2Pg44SXp1if+cwTIrBlMLIpGGUcoP9RmUSRPpdlD/o geifBrjtkfWqNwZiGzL8uKny8co0g5VC0Rle8wj/ngCOruzud7k3qzL8BiRn1mFB yuxOjnh1TbrHQSOg2IFy =wNiw -----END PGP SIGNATURE-----
