Who should security issues be reported to?
Tim Peters
tim.peters at gmail.com
Fri Jan 28 14:52:14 EST 2005
[grahamd at dscpl.com.au]
> Who are the appropriate people to report security problems to
> in respect of a module included with the Python distribution?
> I don't feel it appropriate to be reporting it on general mailing
> lists.
The Python project has no non-public resources for this. Filing a bug
report on SourceForge is the usual approach. If you must, you could
send email directly to Guido <mailto:guido at python.org>. He may or may
not have time to follow up on it; public disclosure is the norm in
this project. Be forewarned that despite that he currently works for
a security startup, his threshold for "security panic" is very high.
More information about the Python-list
mailing list