1.27. I believe that I found a sensitive security bug in Mailman – who do I contact?
From Barry Warsaw:
As a general rule, you can post security issues to firstname.lastname@example.org, which is a closed distribution list.
Please do not otherwise discuss sensitive security issues on any public mailing list, until such time as an official announcement has been made, including availability of a patch, etc....
Even if the issue has been publicly discussed in other forums, you should wait for the official announcements before discussing them publicly, whether on mailman-users, mailman-developers, or elsewhere.
Converted from the Mailman FAQ Wizard
This is one of many Frequently Asked Questions.