# Reporting of Security Vulnerabilities
If you discover a security vulnerability, we'd appreciate a non-public disclosure.
-systemd developers can be contacted privately on the **[systemd-security@redhat.com](mailto:systemd-security@redhat.com) mailing list**.
+systemd developers can be contacted privately by creating a new **[Security Advisory on GitHub](https://github.com/systemd/systemd/security/advisories/new)**
+or via the **[systemd-security@redhat.com](mailto:systemd-security@redhat.com) mailing list**.
The disclosure will be coordinated with distributions.
(The [issue tracker](https://github.com/systemd/systemd/issues) and [systemd-devel mailing list](https://lists.freedesktop.org/mailman/listinfo/systemd-devel) are fully public.)
-Subscription to the systemd-security mailing list is open to **regular systemd contributors and people working in the security teams of various distributions**.
+Subscription to the Security Advisories and/or systemd-security mailing list is open to **regular systemd contributors and people working in the security teams of various distributions**.
Those conditions should be backed by publicly accessible information (ideally, a track of posts and commits from the mail address in question).
-If you fall into one of those categories and wish to be subscribed, submit a **[subscription request](https://www.redhat.com/mailman/listinfo/systemd-security)**.
+If you fall into one of those categories and wish to be subscribed,
+contact the maintainers or submit a **[subscription request](https://www.redhat.com/mailman/listinfo/systemd-security)**.
projects / thirdparty / systemd.git / commitdiff
