Who should security issues be reported to?

Aahz aahz at pythoncraft.com
Fri Jan 28 16:24:30 EST 2005

In article <mailman.1531.1106941937.22381.python-list at python.org>,
Tim Peters  <tim.peters at gmail.com> wrote:
>[grahamd at dscpl.com.au]
>> Who are the appropriate people to report security problems to
>> in respect of a module included with the Python distribution?
>> I don't feel it appropriate to be reporting it on general mailing
>> lists.
>
>The Python project has no non-public resources for this.  Filing a bug
>report on SourceForge is the usual approach.  If you must, you could
>send email directly to Guido <mailto:guido at python.org>.  He may or may
>not have time to follow up on it; public disclosure is the norm in
>this project.  Be forewarned that despite that he currently works for
>a security startup, his threshold for "security panic" is very high.

You mean s/despite/because/ don't you?  ;-)
Aahz (aahz at pythoncraft.com)           <*>         http://www.pythoncraft.com/

"19. A language that doesn't affect the way you think about programming,
is not worth knowing."  --Alan Perlis
