+The `OSS security private mailing list mailto:distros@vs.openwall.org>` will
+also be contacted one week before the end of the embargo, as indicated by `the
+OSS-security process <https://oss-security.openwall.org/wiki/mailing-lists/distros>`
+and using the PGP key listed on the same page, describing the details of the
+vulnerability and sharing the patch[es]. Distributions and major vendors follow
+this private mailing list, and it functions as a single point of contact for
+embargoed advance notices for open source projects.
+