On Sat, Jun 28, 2014 at 11:35 PM, Allan McRae <[email protected]> wrote: > On 29/06/14 02:23, Karol Blazewicz wrote: >> Should I open a bug report saying that e.g. some Arch package has >> certain vulnerability, mark the report as critical and wait for >> someone to set it as private? How do we deal with such sensitive >> information? >> >> I've looked in the wiki, but neither >> https://wiki.archlinux.org/index.php/Arch_CVE_Monitoring_Team nor >> https://wiki.archlinux.org/index.php/CVE-2014 has any info on this. >> > > If you have a private bug to report, then use [email protected]. > If the bug is public, just file a bug report. > > Allan >
Should I add a warning to the wiki not to report private bugs to the bug tracker but to the ML?
