Does the Caddy project have a particular policy currently in place as to how it communicates potential important security announcements specifically?
While it seems as though security is very important to the project’s maintainers, and it being very open to security reports and advisories, I was not able to find an easy way to retrieve past / be notified of future announcements of that sort.
Currently the only option I see is careful review of all releases, as soon as they come out. But that’s not always possible.
I have seen other projects who offer RSS feeds or forum topic category dedicated to Security Announcements. Is there such a thing for Caddy and if not have you considered creating one? An easy way to subscribe to very important announcements is an easy way to efficiently communicate with users on these issues.