[Python-Dev] security SIG?

Ethan Furman ethan at stoneleaf.us
Sun Jun 19 15:54:47 EDT 2016

On 06/19/2016 12:39 PM, Nick Coghlan wrote:
> On 18 June 2016 at 10:36, Ethan Furman wrote:

>> To sum up:  I think it would be a good idea.
> I'm coming around to this point of view as well. import-sig, for
> example, is a very low traffic SIG, but I think it serves three key
> useful purposes:
> - it clearly indicates that import is a specialist topic with
> additional considerations to take into account that may not be obvious
> to developers touching the import system for the first time
> - it provides a forum to collaboratively craft explanations of
> proposed changes that should make sense to folks that *aren't*
> specialists
> - anyone that wants to become an "import system expert" can join the
> SIG and learn from the intermittent discussions of proposed changes


> As far as names go, my vote would be for "paranoia-sig" - it nicely
> avoids any risk of folks submitting security bugs there instead of to
> the PSRT, and "We're professionally paranoid, so you don't need to be"
> is an apt description of good security sensitive API design in a
> general purpose language like Python :)

Heh.  I like it.  If no one comes up with any other names I'll get the 
SIG requested mid-week-ish.


More information about the Python-Dev mailing list