Please create a mesa-security mailing list. It should be private, and should only be read by core Mesa developers (not me!). Ideally it should be the default assignee for Mesa security bugs. At least, the default assignee for Mesa security bugs should not be a public mailing list like it currently is.
Sending information about security bugs to a PUBLIC MAILING LIST by default completely defeats the purpose of the "security bugs" feature.
idr: X.Org has this with xorg-security, which is a private (invite-only) list with private archives. Seems to have worked pretty well for us.
idr: Think you could do something more helpful and provide, say, a list of people who should be on the list?
Ping, anyone?
A private security list sounds OK to me but let's see if anyone else is still interested. I'd like to be on list.
Any luck getting a list of names? I guess at the moment it'd be at least Emil and jasuarez?
Closing as incomplete. If someone ever actually wants this in future, they can reopen it.
Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.