security@ seems like the right address, since at a minimum we have all the people who'll know where to route the issue to.
Alex
On Thu, Jun 19, 2014 at 6:32 PM, Benjamin Peterson <benjamin@python.org> wrote:
On Thu, Jun 19, 2014, at 18:23, Antoine Pitrou wrote:
On 19/06/2014 21:13, Nick Coghlan wrote:
A colleague spotted a possible security issue with one of the CPython workflow tools (specifically with the configuration of our installation, rather than with the upstream project), and would like to know where to report it securely.
Currently the developer guide covers CPython itself (security@python.org), and infrastructure@python.org is the likely place for the main PSF infrastructure, but it isn't clear where such problems with the CPython workflow tools should be reported.
I think security@ is fine. infrastructure@ is not, since anyone can read it.
There's also infrastructure-staff@python.org, which is private, but they don't own much of the CPython developer infra. If it's the tracker, for example, you're better off emailing Martin/bitdancer/Ezio privately.