Dennis E. Hamilton wrote on Wed, Jul 06, 2011 at 12:02:31 -0700: > I've learned that the Apache approach is for each PMC taking the lead > in handling security matters related to its releases. To maintain the > security of security matters, the practice is to have a private list > (for us, ooo-security) with not more than ten security-aware > subscribers.
I've never heard of a magic number cap to the # of subscribers of a mailing list.