Sounds like we've got consensus on the mailing list names, then. The address for submitting bug reports will be [EMAIL PROTECTED], and the security bug group private mailing list will be [EMAIL PROTECTED] If I don't hear any objections, I will modify the policy accordingly.
Where should the two pages (the policy and the Known Vulnerabilities page) live on Mozilla? I leave that to staff to decide. Are there any other issues that need to be worked out? Please bring them up before Friday. -Mitch