[Python-Dev] security SIG?
ethan at stoneleaf.us
Sun Jun 19 15:54:47 EDT 2016
On 06/19/2016 12:39 PM, Nick Coghlan wrote:
> On 18 June 2016 at 10:36, Ethan Furman wrote:

>> To sum up: I think it would be a good idea.
>
> I'm coming around to this point of view as well. import-sig, for
> example, is a very low traffic SIG, but I think it serves three key
> useful purposes:
>
> - it clearly indicates that import is a specialist topic with
> additional considerations to take into account that may not be obvious
> to developers touching the import system for the first time
> - it provides a forum to collaboratively craft explanations of
> proposed changes that should make sense to folks that *aren't*
> - anyone that wants to become an "import system expert" can join the
> SIG and learn from the intermittent discussions of proposed changes
>
> As far as names go, my vote would be for "paranoia-sig" - it nicely
> avoids any risk of folks submitting security bugs there instead of to
> the PSRT, and "We're professionally paranoid, so you don't need to be"
> is an apt description of good security sensitive API design in a
> general purpose language like Python :)

Heh.  I like it.  If no one comes up with any other names I'll get the
SIG requested mid-week-ish.