>Brother, it is a simple email to a mailing list.

just as a note, its not as simple as firing off an email to linux-distros and calling it a day.

qualys, one of the big firms (10,000+ customers across 130 countries. i.e. "professional researchers"), has even taken a stance against emailing linux-distros because of the restrictions and policies involved:

    > Although contacting the linux-distros list has been clearly beneficial
    > (they have thoroughly reviewed and tested the patches, and were able to
    > prepare their kernel updates beforehand), we have reached the conclusion
    > that it has become increasingly difficult to coordinate the disclosure
    > of kernel vulnerabilities with both groups (the Linux kernel security
    > team and the linux-distros list), because they have very different
    > policies. From now on, we will coordinate the disclosure of kernel
    > vulnerabilities with the Linux kernel security team only. We also
    > apologize in advance for this.