[security-priv] Is this security-priv private email useful / used?

Greg Troxel gdt at lexort.com
Tue Sep 9 06:13:14 PDT 2025


If this is for nonpublic reports of security problems, then agreed it
may not make sense, in favor of multiple per-project aliases.

I don't think it's good to publish individual email addresses as security
contacts, from a stability-of-published-info viewpoint, as well as tone
for liability control.   So I'm not sure that the alternative plan is.

There's another semi-need, which this list apparently wasn't serving,
which is private communication from project maintainers to packagers,
for coordinating coordinated releases.  For various projects, I have
received advance notice of releases, and sometimes the actual bits, not
yet in a public repo, under embargo for me to test and get packages
ready so I can push them the hour the release comes out.  Sometimes it's
email, and for one, it's an invitation-only encrypted matrix room.

The history of osgeo stuff leads one not to expect a lot of such
activity, and I'm not saying there needs to be a big kerfuffle - just
pointing out a related issue.

