-----BEGIN PGP SIGNED MESSAGE-----
The CERT Coordination Center periodically reports known software vulnerabilities to linux distribution vendors such as yourself to coordinate widespread disclosure of vulnerabilities and uptake of patches.
We're updating our records and noticed we do not have a good way to contact Alpine Linux. We want to ensure we can reach you with timely information in case of a widespread vulnerability affecting linux.
What is the preferred email address for reporting software vulnerabilities to the Alpine team? We sometimes wish to report these issues privately (not on a public tracker) before they are disclosed, so ideally this would not be a bugtracker or email list.
In either case, is there a PGP key we could use to encrypt these reports to you? We rely on PGP to safeguard vulnerability information prior to disclosure.
For more information about our process of coordinating vulnerability disclosures, please see <https://vuls.cert.org
>. Please let me know if you have any questions.
When replying, please ensure VCALL-866 is in the subject line of your email.
Vulnerability Analysis Team
CERT Coordination Center (CERT/CC)
A division of:
Software Engineering Institute
Carnegie Mellon University
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
-----END PGP SIGNATURE-----
Received on Fri May 05 2017 - 11:43:56 UTC