Launchpad should encrypt all mails for security bugs
Bug #1545503 reported by
halfdog
This bug report is a duplicate of:
Bug #3165: Launchpad sends (unencrypted) mail notifications about private assets.
Edit
Remove
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Launchpad itself |
New
|
Undecided
|
Unassigned | ||
Bug Description
As it would be the most natural thing for larger and more intrusive governments (those with capabilities to monitor large amount of network traffic) to just record all mails from large-scale Linux distribution collaboration and issue tracking systems containing the keyword "security", and as this is very cheap way to get to near-zero day material, I would assume, that this is already done. This is like serving them zero days on a golden plate.
Hence the platform should be modified to send security issues only in encrypted mails without talkative title, members without mail public key registered should get only message "Bug [Number]: Info changed" including the HTTPS link to the issue in the
platform.
| information type: | Private Security → Public Security |
To post a comment you must log in.
