there doesn't appear to be a mailing list specifically for (security) announcements ?
e.g. we are using this ftp server in production in our DMZ and according to PCI requirements, we need to patch security vulnerabilities of "vendor supplied software" within 30 days in the above scenario, admins need to subscribe for the purpose of being informed of new releases, in order to check the release notes to see if any security related issues dictate an upgrade best e