1.27. I believe that I found a sensitive security bug in Mailman -- who do I contact?
From Barry Warsaw:
As a general rule, you can post security issues to firstname.lastname@example.org, which is a closed distribution list.
Please do not otherwise discuss sensitive security issues on any public mailing list, until such time as an official announcement has been made, including availability of a patch, etc....
Even if the issue has been publicly discussed in other forums, you should wait for the official announcements before discussing them publicly, whether on mailman-users, mailman-developers, or elsewhere.
Last changed on Mon Feb 14 23:10:17 2005 by Brad Knowles Converted from the Mailman FAQ Wizard
This is one of many Frequently Asked Questions.