If you discover a security vulnerability, we'd appreciate a non-public disclosure. systemd developers can be contacted privately on the systemd-security@redhat.com mailing list. The disclosure will be coordinated with distributions.

(The issue tracker and systemd-devel mailing list are fully public.)