On 29/06/14 02:23, Karol Blazewicz wrote: > Should I open a bug report saying that e.g. some Arch package has > certain vulnerability, mark the report as critical and wait for > someone to set it as private? How do we deal with such sensitive > information? > > I've looked in the wiki, but neither > https://wiki.archlinux.org/index.php/Arch_CVE_Monitoring_Team nor > https://wiki.archlinux.org/index.php/CVE-2014 has any info on this. >
If you have a private bug to report, then use [email protected]. If the bug is public, just file a bug report. Allan
