2019-10-25 - Giancarlo Razzolini

Today, one email was sent to the arch-announce mailing list that was able to circumvent the whitelisting checks that are done by the mailman software. This was not due to unauthorized access and no Arch Linux servers were compromised.

We have implemented measures to make sure this does not happen again, by using mailman's poster password feature. We are also making sure, these simple whitelist checks are not used anywhere else.

Edited to add: There was a second email that was also sent today, in order to make sure the poster password feature was working. That email did not circumvent any check and was intentionally sent.