On Thu, Jun 19, 2014, at 18:23, Antoine Pitrou wrote:
Le 19/06/2014 21:13, Nick Coghlan a écrit :
A colleague spotted a possible security issue with one of the CPython workflow tools (specifically with the configuration of our installation, rather than with the upstream project), and would like to know where to report it securely.
Currently the developer guide covers CPython itself (security@python.org), and infrastructure@python.org is the likely place for the main PSF infrastructure, but it isn't clear where such problems with the CPython worfklow tools should be reported.
I think security@ is fine. infrastructure@ is not, since anyone can read it.
There's also infrastructure-staff@python.org, which is private, but they don't own much of the CPython developer infra. If it's the tracker, for example, you're better off emailing Martin/bitdancer/Ezio privately.