In light of the past days of fun and games, we’ve started a new mailing list focused entirely around security. This list will be much lower volume than the main list and be exclusively about security concerns. You can signup at the rails-security mailing list page.
UPDATE: This an announce only list. So you won’t get spammed unless it matters.