On Sun, Sep 28, 2008 at 6:39 AM, Steve Holden <steve at holdenweb.com> wrote:
> Brett Cannon wrote:
>> On Sat, Sep 27, 2008 at 8:54 AM, Victor Stinner
>> <victor.stinner at haypocalc.com> wrote:
>>> Hi,
>>>
>>> I would like to know if a Python security team does exist. I sent an email
>>> about an imageop issue, and I didn't get any answer. Later I learned that a
>>> security ticket was created, I don't have access to it.
>>>
>>
>> Yes, the PSRT (Python Security Response Team) does exist. We did get
>> your email; sorry we didn't respond. There are very few members on
>> that list and most of them are extremely busy. Responding to your
>> email just slipped through the cracks. I believe Benjamin was the last
>> person to work on your submitted patch.
>>
> [...]
>
> If we don't have a documented procedure, or if we do have a procedure
> and it isn't being followed, we can't be said to be taking security
> seriously, which I would find disappointing. This is one of the few
> areas where we probably *do* need to be meticulous, and the absence of a
> reply to a security report isn't really satisfactory.
>
> Perhaps if the PSF does eventually hire some paid help, running the
> secretarial and administrative portions of the security team would help
> the busy members to avoid such issues dropping through the cracks in future.
>

That actually would be extremely beneficial since as right now a big
problem we have is writing up the official announcement that some
security issue has been plugged and then sticking up the patches
online for people to download.

-Brett