Who should security issues be reported to?
aahz at pythoncraft.com
Fri Jan 28 16:24:30 EST 2005
In article <mailman.1531.1106941937.22381.python-list at python.org>,
Tim Peters <tim.peters at gmail.com> wrote:
>[grahamd at dscpl.com.au]
>> Who are the appropriate people to report security problems to
>> in respect of a module included with the Python distribution?
>> I don't feel it appropriate to be reporting it on general mailing
>The Python project has no non-public resources for this. Filing a bug
>report on SourceForge is the usual approach. If you must, you could
>send email directly to Guido <mailto:guido at python.org>. He may or may
>not have time to follow up on it; public disclosure is the norm in
>this project. Be forewarned that despite that he currently works for
>a security startup, his threshold for "security panic" is very high.
You mean s/despite/because/ don't you? ;-)
Aahz (aahz at pythoncraft.com) <*> http://www.pythoncraft.com/
"19. A language that doesn't affect the way you think about programming,
is not worth knowing." --Alan Perlis
More information about the Python-list