Somebody on IRC had a security issue they wanted to get to somebody.
Looking around the site I didn't find any mention of security@postgresql.org anywhere obvious. I knew what I was
lookingfor, so found it via Support -> Bug Reporting -> bug reporting guidelines -> right down at the bottom of the
manualpage.
Might it be worth adding a section to /about/contact/ with either a pointer to security@postgresql.org or to a snippet
oftext taken from the "5.3 Where to Report Bugs" section of the manual?
Separately, adding /security.txt and /.well-known/security.txt might be a good idea - while the RFC draft for it (
https://securitytxt.io) isn't particularly mature, it is a place where infosec people will look. And it's basically a
textfile with a few urls and some human readable comments, so it's easy enough to create.
Cheers,
Steve