security@ seems like the right address, since at a minimum we have all the people who'll know where to route the issue to.

Alex


On Thu, Jun 19, 2014 at 6:32 PM, Benjamin Peterson <benjamin@python.org> wrote:
On Thu, Jun 19, 2014, at 18:23, Antoine Pitrou wrote:
>
>
> Le 19/06/2014 21:13, Nick Coghlan a écrit :
> > A colleague spotted a possible security issue with one of the CPython
> > workflow tools (specifically with the configuration of our
> > installation, rather than with the upstream project), and would like
> > to know where to report it securely.
> >
> > Currently the developer guide covers CPython itself
> > (security@python.org), and infrastructure@python.org is the likely
> > place for the main PSF infrastructure, but it isn't clear where such
> > problems with the CPython worfklow tools should be reported.
>
> I think security@ is fine.
> infrastructure@ is not, since anyone can read it.

There's also infrastructure-staff@python.org, which is private, but they
don't own much of the CPython developer infra. If it's the tracker, for
example, you're better off emailing Martin/bitdancer/Ezio privately.
_______________________________________________
python-committers mailing list
python-committers@python.org
https://mail.python.org/mailman/listinfo/python-committers



--
"I disapprove of what you say, but I will defend to the death your right to say it." -- Evelyn Beatrice Hall (summarizing Voltaire)
"The people's good is the highest law." -- Cicero
GPG Key fingerprint: 125F 5C67 DFE9 4084