[Python-Dev] Python security team
jmatejek at suse.cz
Tue Sep 30 13:27:33 CEST 2008
Guido van Rossum wrote:
> I think we may have to expand our selection criteria, since the
> existing approach has led to a small PSRT whose members are all too
> busy to do the necessary legwork. At the same time we need to remain
> selective -- I don't think having a crowd of hundreds would be
> productive, and we need to be sure that every single member can
> absolutely be trusted to take security seriously.
> To answer your question directly, I don't think that just being the
> Python maintainer for some Linux distribution is enough to qualify --
> if our process worked well enough, you'd be getting the patches from
> us via some downstream-flowing distribution mechanism that reaches
> only trusted people within each vendor organization. I don't happen to
Thanks for your answer. I guess the process is the real problem then.
From what I could observe, the connection between vendor-sec and PSRT is
not really working as it should.
(And then of course you need some kind of upstream flow too, because not
everyone reports to PSRT.)
> know you personally -- but perhaps other current members of the PSRT
> do and that could be enough to secure an invitation.
No, I don't think that I'm known well enough to earn the invitation
(yet), this was more of a "so how the hell does it really work" question.