I’m happy to announce the availability of a new mailing list, with the mission of providing security announcements to the Python community from the Python Security Response Team (PSRT):
You can sign up in the usual Mailman way:
This joins our suite of security-related forums. As always, if you believe you’ve found a security issue in Python, you should contact the PSRT directly and securely via:
For more information on how you can contact us, see:
We also have a public security-focused discussion mailing list that you can subscribe to and contribute to.
Please don’t report security vulnerabilities here, since this is a publicly archived mailing list. We welcome you to collaborate here to help make Python and its ecosystem even more secure than it already is.
Once a security vulnerability is identified and fixed, it becomes public knowledge. Generally, these are captured in a ReadTheDocs site for posterity:
This new security-announce mailing list fills a void — one-way communication about security-related matters from the PSRT back to the community. This is an area that we’ve not done a great job at, frankly, and this new announcement list is intended to improve that situation. The PSRT will use this low-traffic, high-value forum as the primary way the PSRT will communicate security issues of high importance back to the wider Python community. All follow-ups to postings to this list are redirected to the security-sig mailing list.
Cheers, -Barry (on behalf of the PSRT)