On Wed, 16 Sep 2020 at 12:10, Stefan Hajnoczi <stefa...@gmail.com> wrote: > I think it's worth investigating whether GitLab Issues can be configured > in a secure-enough way for security bug reporting. That way HTTPS is > used and only GitLab stores the confidential information (this isn't > end-to-end encryption but seems better than unencrypted SMTP and > plaintext emails copied across machines).
Given that we currently use launchpad for bugs we should also look at whether launchpad's "private security" bug classification would be useful for us (currently such bug reports effectively go to /dev/null but this can be fixed). thanks -- PMM
