[Python-Dev] security SIG? (was: Discussion overload)

Cory Benfield cory at lukasa.co.uk
Sat Jun 18 10:30:31 EDT 2016

> On 18 Jun 2016, at 04:06, Brett Cannon <brett at python.org> wrote:
> Do we need a security SIG? E.g. would people like Christian and Cory like to have a separate place to talk about the ssl stuff brought up at the language summit?

Honestly, I’m not sure what we would gain.

Unless that SIG is empowered to take action, all it will be is a factory for generating arguments like this one. It will inevitably be either a toxic environment in itself, or a source of toxic threads on python-dev as the security SIG brings new threads like this one to the table.

It should be noted that of the three developers that originally stepped forward on the security side of things here (myself, Donald, and Christian), only I am left subscribed to python-dev and nosy’d on the relevant issues. Put another way: each time we do this, several people on the security side burn themselves out in the thread and walk away (it’s possible that those on the other side of the threads do too, I just don’t know those people so well). It’s hard to get enthusiastic about signing people up for that. =)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://mail.python.org/pipermail/python-dev/attachments/20160618/0ad87123/attachment.sig>

More information about the Python-Dev mailing list