Page MenuHome GnuPG

clean up note on bug reporting form
Closed, ResolvedPublic

Description

The "Report a Bug" form here on phabricator (https://dev.gnupg.org/maniphest/task/edit/form/3/) has an "IMPORTANT" note that is ill-formed. It says:

please write to security 'at' gnupg.org to ask for advice and our encryption kes

That should at least be "keys" and not "kes" -- but if we want to provide keys, we should provide an automatic way to retrieve them (a link to a local file, something in the source code, etc) rather than hoping that a security reporter will invest in a multi-round-trip e-mail exchange to first get the keys and then send the notification.

please make it easy for bug reporters to do so securely!

Event Timeline

justus triaged this task as Normal priority.

I fixed the typo. The actual process is the same as described in https://www.gnupg.org/documentation/bts.html, see also T3074.

dkg added a project: gpgweb.

I don't see how this duplicates T3074. If the web form is going to encourage people to ask for the team's encryption keys, it should just provide the encryption keys directly.

the fact that the same process bug is present in https://www.gnupg.org/documentation/bts.html doesn't mean it's not a bug :)

I'm adding the gpgweb tag here to indicate that it's a bug in https://www.gnupg.org/documentation/bts.html as well.

There are no team encryption keys, that's the problem. So there is at least a dependency between the tasks, as we can't document what we don't have.

marcus renamed this task from https://dev.gnupg.org/ -- clean up IMPORTANT note on bug reporting form to clean up note on bug reporting form.Aug 16 2017, 5:15 PM
marcus removed marcus as the assignee of this task.
marcus added a subscriber: marcus.
werner claimed this task.