Security point of contact

[Cym13]

Yop.

I need to discuss an issue related to dub. No need to alarm 
everyone yet, that only concerns 1.3% of dub projects, but still 
it's something that shouldn't be taken lightly.

Who should I contact?

I'd very very much like to have something like a 
security at dlang.org for such things, it's not the first and likely 
not the last time this need arises, and the lack of a clear 
procedure doesn't encourage coordinated disclosure.