Alan<br><br>You have a point about not making it easy in the commit message.<br><br>But even if we do that, what is the solution to notifying legitimate<br>users (via RSS, email list), but not the black hats?<br><br>We still have to tag releases as security, and issue SAs.
<br><br>There is no way we can hide that AND inform legitimate users WITHOUT<br>the black hats knowing.<br>