Inquiry: Country of Origin for Bandit
Hello, my name is Cynthia Zhang and I am a Supply Chain Risk Management Analyst at NASA. NASA is currently conducting a supply chain assessment of Bandit. We are interested in confirming the following information:

1. Is there an organization which sponsors/publishes the project, or a primary developer who audits the code for potential vulnerabilities, errors, or malicious code? Y/N
2. Please list the country or list of countries where most contributions originate from.

Thank you,
Cynthia Zhang
Hi Cynthia,

I am surprised to see that Bandit lists this email address as the owner of the project on PyPI, as this email address is just a mailing list, not an organisation.

Looking at this page: https://meta.pycqa.org/introduction.html

My understanding is that PyCQA is just an informal umbrella organisation for Open Source projects related to code quality. As I understand it, PyCQA is more like a club of people with similar interests than an actual legal entity.

https://meta.pycqa.org/management.html

Any PyCQA people reading this? Please let me know if I have got this wrong.

I think that it is fair to say that neither this email address, nor the PyCQA group, nor the Python Software Foundation (PSF), are owners of the Bandit project. I think that you may need to contact the maintainers as listed on their PyPI project page: https://pypi.org/project/bandit/

-- Steve
Participants (2):
- Steven D'Aprano
- Zhang, Cynthia X. (GSFC-710.0)[BOOZ ALLEN HAMILTON]