Hi,
> On 04/01/2019 01:02, Florian Zumbiehl via Exim-dev wrote:
> > may I suggest you put that on the
> > website somewhere?
>
> It was already there, at https://bugs.exim.org/enter_bug.cgi
That page only tells me that "Bugzilla needs a legitimate login and
password to continue.". Clicking around on that page, I now found that the
security report address is mentioned on
https://bugs.exim.org/describecomponents.cgi, which is linked as "Browse"
in the header and footer of the bug tracker page. Which is pretty
counterintuitive: When looking for a way to report a vulnerability that
maybe shouldn't be published for the time being, I probably won't be
browsing the public bugs.
And in any case, what I can say is that as a matter of fact I didn't find
it when I needed it, even if you think that I should have.
Regards, Florian