I wasn't able to find the security@ alias, otherwise would've emailed y'all there. I didn't hear back before publication but happy to make any corrections if needed. I'm also willing to include a statement from Coreboot if you want to send one over.
On Sun, Dec 8, 2019 at 1:40 PM David Hendricks david.hendricks@gmail.com wrote:
On Sun, Dec 8, 2019 at 12:00 AM Mike Banon mikebdp2@gmail.com wrote:
Yes, feel free to send more advanced questions to this list, would be an interesting discussion!
Looks like the article has already gone out: https://the-parallax.com/2019/12/06/bootloader-security-pacsec/
In any case, if there are undisclosed vulnerabilities or any other urgent security issue that requires an immediate fix then please notify security@coreboot.org (also mentioned on the coreboot.org homepage).
For general inquiries then this mailing list is fine.