[Python-Dev] New security-announce at python.org mailing list

Barry Warsaw barry at python.org
Thu Sep 21 11:30:57 EDT 2017

I’m happy to announce the availability of a new mailing list, with the mission of providing security announcements to the Python community from the Python Security Response Team (PSRT):

security-announce at python.org

You can sign up in the usual Mailman way:


This joins our suite of security related forums.  As always, if you believe you’ve found a security issue in Python, you should contact the PSRT directly and securely via:

security at python.org

For more information on how you can contact us, see:


We also have a public security-focused discussion mailing list that you can subscribe and contribute to.

security-sig at python.org

Please don’t report security vulnerabilities here, since this is a publicly archived mailing list.  We welcome you to collaborate here to help make Python and its ecosystem even more secure than it already is.

Once a security vulnerability is identified and fixed, it becomes public knowledge.  Generally, these are captured in a ReadTheDocs site for posterity:


This new security-announce mailing list fills a void — one-way communication about security related matters from the PSRT back to the community.  This is an area that we’ve not done a great job at, frankly, and this new announcement list is intended to improve that situation.  The PSRT will use this low traffic, high value forum as the primary way the PSRT will communicate security issues of high importance back to the wider Python community.  All follow-ups to postings to this list are redirected to the security-sig mailing list.

-Barry (on behalf of the PSRT)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: Message signed with OpenPGP
URL: <http://mail.python.org/pipermail/python-dev/attachments/20170921/a1641f74/attachment-0001.sig>

More information about the Python-Dev mailing list