As a consumer of the list, i would actually prefer that it was closed. I want emails only when they are official security announcements from arch security team. Thanks for asking. Keep up the good work!
ps. IMHO, the mailing lists rules, etiquette, best practices, how to report a security issue through proper channels, etc would be nice to have on the wiki or on lists.archlinux.org. The description for arch-security will probably need to be updated there too. Otherwise, people may get chatised for things that aren't documented in the expected places.
