I like this idea. The advisory repo looks like it's being kept up to date by https://github.com/osv-robot which as far as I can tell looks like a Google-run bot. Is the source for that bot available somewhere? Will a non-Googler be able to continue to maintain this repo if Google chooses to stop sponsoring the work?

- e

On 2021-05-24 09:27, Dustin Ingram wrote:
(Based on discussion at https://discuss.python.org/t/proposing-a-community-maintained-database-of-py...)
I propose the creation of a project in the PyPA organization: https://github.com/pypa/advisory-db which will be a community maintained database of PyPI package vulnerabilities.
Please vote! +1 from me.