[Python-Dev] Python security team (original) (raw)
Brett Cannon brett at python.org
Mon Sep 29 00:43:08 CEST 2008
- Previous message: [Python-Dev] Python security team
- Next message: [Python-Dev] Python security team
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Sun, Sep 28, 2008 at 6:39 AM, Steve Holden <steve at holdenweb.com> wrote:
Brett Cannon wrote:
On Sat, Sep 27, 2008 at 8:54 AM, Victor Stinner <victor.stinner at haypocalc.com> wrote:
Hi,
I would like to know if a Python security team does exist. I sent an email about an imageop issue, and I didn't get any answer. Later I learned that a security ticket was created, I don't have access to it.
Yes, the PSRT (Python Security Response Team) does exist. We did get your email; sorry we didn't respond. There are very few members on that list and most of them are extremely busy. Responding to your email just slipped through the cracks. I believe Benjamin was the last person to work on your submitted patch. [...] If we don't have a documented procedure, or if we do have a procedure and it isn't being followed, we can't be said to be taking security seriously, which I would find disappointing. This is one of the few areas where we probably do need to be meticulous, and the absence of a reply to a security report isn't really satisfactory. Perhaps if the PSF does eventually hire some paid help, running the secretarial and administrative portions of the security team would help the busy members to avoid such issues dropping through the cracks in future.
That actually would be extremely beneficial since as right now a big problem we have is writing up the official announcement that some security issue has been plugged and then sticking up the patches online for people to download.
-Brett
- Previous message: [Python-Dev] Python security team
- Next message: [Python-Dev] Python security team
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]