Guido van Rossum wrote:
> I think we may have to expand our selection criteria, since the existing approach has led to a small PSRT whose members are all too busy to do the necessary legwork. At the same time we need to remain selective -- I don't think having a crowd of hundreds would be productive, and we need to be sure that every single member can absolutely be trusted to take security seriously.

of course

> To answer your question directly, I don't think that just being the Python maintainer for some Linux distribution is enough to qualify -- if our process worked well enough, you'd be getting the patches from us via some downstream-flowing distribution mechanism that reaches only trusted people within each vendor organization. I don't happen to

Thanks for your answer. I guess the process is the real problem then.
From what I could observe, the connection between vendor-sec and PSRT is not really working as it should. (And then of course you need some kind of upstream flow too, because not everyone reports to PSRT.)

> know you personally -- but perhaps other current members of the PSRT do and that could be enough to secure an invitation.

No, I don't think that I'm known well enough to earn the invitation (yet), this was more of a "so how the hell does it really work" question.

regards,
jan matejek