[Python-Dev] Releases for recent security vulnerability
Antoine Pitrou solipsis at pitrou.net
Sun Apr 17 15:42:49 CEST 2011
On Sunday 17 April 2011 at 09:30 -0400, Jesse Noller wrote:
> If we want to make official announcements (like releases or security
> warnings), I don't think the blog is appropriate. A separate
> announcement channel (mailing-list or newsgroup) would be better, where
> people can subscribe knowing they will only get a couple of e-mails a
> year.
>
> Regards
>
> Antoine.
And whose responsibility is it to email yet another mythical list? The person posting the fix? The person who found and filed the CVE? The release manager?
Well, whose responsibility is it to make blog posts about security issues? If you can answer this question then the other question shouldn't be any more difficult to answer ;)
I don't think the people who may be interested in security announcements want to monitor a generic development blog, since Python is far from the only piece of software they rely on. /I/ certainly wouldn't want to.
Also, I think Gustavo's whole point is that if we don't have a well-defined, deterministic procedure for security announcements and releases, then it's just as though we didn't care about security at all. Saying "look, we mentioned this one on our development blog" isn't really reassuring for the target group of people.
Regards
Antoine.