Who should security issues be reported to?

Aahz aahz at pythoncraft.com
Thu Jan 27 20:48:13 EST 2005

In article <1106863164.745581.11920 at f14g2000cwb.googlegroups.com>,
 <grahamd at dscpl.com.au> wrote:
>Who are the appropriate people to report security problems to in
>respect of a module included with the Python distribution?  I don't
>feel it appropriate to be reporting it on general mailing lists.

There is no generally appropriate non-public mechanism for reporting
security issues.  If you really think this needs to be handled
privately, do some research to find out which core developer is most
likely to be familiar with it.  Even before you do that, check
SourceForge to find out whether anyone else has reported it as a bug.
Aahz (aahz at pythoncraft.com)           <*>         http://www.pythoncraft.com/

"19. A language that doesn't affect the way you think about programming,
is not worth knowing."  --Alan Perlis

More information about the Python-list mailing list