From Linus Torvalds <> Date Fri, 9 Mar 2018 13:15:31 -0800 Subject Re: [PATCH] [v2] docs: clarify security-bugs disclosure policy On Fri, Mar 9, 2018 at 12:45 PM, Alan Cox <gnomes@lxorguk.ukuu.org.uk> wrote:

>

> If you want to be taken seriously then I think minimum you also need to

> - Give a GPG key for messages to the list



Oh, I don't want to be taken seriously by people who use gpg encrypted email.



It's garbage and should be shunned as such.



I keep quoting this:



https://motherboard.vice.com/en_us/article/vvbw9a/even-the-inventor-of-pgp-doesnt-use-pgp



and anybody who thinks pgp encrypted email is fine is a clown.



> - State what security is in place (encryption etc) to protect the list

> itself



That could be stated, but it's worth noting the other rules.



If you have some long corrupt vendor disclosure period and are worried

about any good guys finding out (the bad guys probably already have

it), we're not the list for you anyway.



Keep your "we'll keep security problems under wraps so that they can

be exploited for a long time" emails to yourself, or send them to

/dev/null.



Linus



