If you discover a security vulnerability, we'd appreciate a non-public disclosure. The issue tracker and systemd-devel mailing list are fully public. If you need to reach systemd developers in a non-public way, report the issue to the systemd-security@redhat.com mailing list. The disclosure will be coordinated with distributions.