File it in the JIRA, and mark the Security Level as "Security Vulnerability Disclosure". This way the committer team will see it, but nobody else will.
/Janne On 11 Jan 2008, at 21:32, Florian Holeczek wrote:
Hi all, especially Janne, supposed one has found a really bad security bug, what to do? Mail it on the dev-list? Enter it into JIRA? Regards, Florian
