[VOTE] Create pypa/advisory-db
(Based on discussion at https://discuss.python.org/t/proposing-a-community-maintained-database-of-py... )

I propose the creation of a project in the PyPA organization: https://github.com/pypa/advisory-db which will be a community maintained database of PyPI package vulnerabilities.

Please vote! +1 from me.
+1

_______________________________________________
PyPA-Committers mailing list -- pypa-committers@python.org
To unsubscribe send an email to pypa-committers-leave@python.org
https://mail.python.org/mailman3/lists/pypa-committers.python.org/
Member address: gaborjbernat@gmail.com
+1
+1

-- Cooper Ry Lees [e] me@cooperlees.com [m] +1 (650) 798 7815 [w] http://cooperlees.com/
I like this idea.

The advisory repo looks like it's being kept up to date by https://github.com/osv-robot which as far as I can tell looks like a Google-run bot. Is the source for that bot available somewhere? Will a non-Googler be able to continue to maintain this repo if Google chooses to stop sponsoring the work?

- e
Great question, would you mind asking it at https://discuss.python.org/t/proposing-a-community-maintained-database-of-py... instead? If not, do you mind if I copy/paste it there for the benefit of folks not on this private mailing list?
(I responded to Elana's questions here: https://discuss.python.org/t/proposing-a-community-maintained-database-of-py... )
+1

-- Warm regards, Sviatoslav Sydorenko
Software Hacker @ Ansible Core
--- https://useplaintext.email/ () ascii ribbon campaign - against html e-mail /\ www.asciiribbon.org - against proprietary attachments ---
+1
+1 from me :)

Filipe Laíns
+1
+1

On Fri, 28 May 2021, at 15:19, Henry Schreiner wrote:
+1 from me.
Thanks all. This vote succeeded with eleven +1's and zero -1's.
participants (12)
- Bernat Gabor
- Brett Cannon
- Cooper Ry Lees
- Dustin Ingram
- Elana Hashman
- Filipe Laíns
- Henry Schreiner
- Matthieu Darbois
- Sviatoslav Sydorenko
- Thea Flowers
- Thomas Kluyver
- Trishank Kuppusamy