(I responded to Elana's questions here: https://discuss.python.org/t/proposing-a-community-maintained-database-of-py... )
On Mon, May 24, 2021 at 6:31 PM Dustin Ingram <di@python.org> wrote:
Great question, would you mind asking it at https://discuss.python.org/t/proposing-a-community-maintained-database-of-py... instead? If not, do you mind if I copy/paste it there for the benefit of folks not on this private mailing list?
On Mon, May 24, 2021 at 6:08 PM Elana Hashman <ehashman@debian.org> wrote:
I like this idea.
The advisory repo looks like it's being kept up to date by https://github.com/osv-robot which as far as I can tell looks like a Google-run bot. Is the source for that bot available somewhere? Will a non-Googler be able to continue to maintain this repo if Google chooses to stop sponsoring the work?
- e
On 2021-05-24 09:27, Dustin Ingram wrote:
(Based on discussion at https://discuss.python.org/t/proposing-a-community-maintained-database-of-py... )
I propose the creation of a project in the PyPA organization: https://github.com/pypa/advisory-db which will be a community maintained database of PyPI package vulnerabilities.
Please vote! +1 from me.
_______________________________________________
PyPA-Committers mailing list -- pypa-committers@python.org
To unsubscribe send an email to pypa-committers-leave@python.org
https://mail.python.org/mailman3/lists/pypa-committers.python.org/
Member address: ehashman@debian.org