Who should security issues be reported to?

Tim Peters tim.peters at gmail.com
Fri Jan 28 20:52:14 CET 2005


[grahamd at dscpl.com.au]
> Who are the appropriate people to report security problems to
> in respect of a module included with the Python distribution?
> I don't feel it appropriate to be reporting it on general mailing
> lists.

The Python project has no non-public resources for this.  Filing a bug
report on SourceForge is the usual approach.  If you must, you could
send email directly to Guido <mailto:guido at python.org>.  He may or may
not have time to follow up on it; public disclosure is the norm in
this project.  Be forewarned that despite that he currently works for
a security startup, his threshold for "security panic" is very high.



More information about the Python-list mailing list