RE: [drupal-devel] security "official"

-----Original Message----- From: drupal-devel-bounces@drupal.org

To avoid future problems with security hole reporting, I'd advice creating a security-team@drupal.org (or sg like that) address and advocating it on drupal.org homepage or at least on the Support page.

+1 on this. see parts of http://drupal.org/node/1639 posted nearly 2 years ago. may I suggest altering the email address to security @ drupal.org instead of the team part.