+1 On Mon, May 24, 2021 at 12:27 PM Dustin Ingram wrote:

(Based on discussion at https://discuss.python.org/t/proposing-a-community-maintained-database-of-py... )

I propose the creation of a project in the PyPA organization: https://github.com/pypa/advisory-db which will be a community maintained database of PyPI package vulnerabilities.

Please vote! +1 from me. _______________________________________________ PyPA-Committers mailing list -- pypa-committers@python.org To unsubscribe send an email to pypa-committers-leave@python.org https://mail.python.org/mailman3/lists/pypa-committers.python.org/ Member address: trishank.kuppusamy@datadoghq.com

I like this idea. The advisory repo looks like it's being kept up to date by https://github.com/osv-robot which as far as I can tell looks like a Google-run bot. Is the source for that bot available somewhere? Will a non-Googler be able to continue to maintain this repo if Google chooses to stop sponsoring the work? - e On 2021-05-24 09:27, Dustin Ingram wrote:

(Based on discussion at https://discuss.python.org/t/proposing-a-community-maintained-database-of-py...)

I propose the creation of a project in the PyPA organization: https://github.com/pypa/advisory-db which will be a community maintained database of PyPI package vulnerabilities.

Please vote! +1 from me. _______________________________________________ PyPA-Committers mailing list -- pypa-committers@python.org To unsubscribe send an email to pypa-committers-leave@python.org https://mail.python.org/mailman3/lists/pypa-committers.python.org/ Member address: ehashman@debian.org

On Mon, 2021-05-24 at 12:27 -0400, Dustin Ingram wrote:

(Based on discussion at https://discuss.python.org/t/proposing-a-community-maintained-database-of-py... )

I propose the creation of a project in the PyPA organization: https://github.com/pypa/advisory-db which will be a community maintained database of PyPI package vulnerabilities.

Please vote! +1 from me. _______________________________________________ PyPA-Committers mailing list -- pypa-committers@python.org To unsubscribe send an email to pypa-committers-leave@python.org https://mail.python.org/mailman3/lists/pypa-committers.python.org/ Member address: lains@riseup.net

+1 from me :) Filipe Laíns

+1 from me.

Thanks all. This vote succeeded with eleven +1's and zero -1's. On Mon, May 24, 2021 at 12:27 PM Dustin Ingram wrote:

(Based on discussion at https://discuss.python.org/t/proposing-a-community-maintained-database-of-py... )

I propose the creation of a project in the PyPA organization: https://github.com/pypa/advisory-db which will be a community maintained database of PyPI package vulnerabilities.

Please vote! +1 from me.