On Thu, 23 Feb 2017 23:51:45 -0800 Benjamin Peterson <benjamin at python.org> wrote: > > Like all CPython developers, the Python security team are all > volunteers. That combined with the fact that dealing with security > issues is one of the least fun programming tasks means issues are > sometimes dropped. > > Perhaps some organization with a stake Python security would like to > financially support Python security team members. > > As for this, particular issue, we should determine if there's a tracker > issue yet and continue discussion there. Just for the record, I find the mailing-list scheme used by PSRT quite difficult to deal with. For many people it's easy to lose track of e-mails received more than one week ago, so the necessary followup to security issues received by e-mail suffers. It's a bit sad that regular issues benefit from a full-fledged Roundup instance to allow for easy tracking of open issues (including comments and proposed fixes), but security issues are restricted to such a primitive communication setup which makes it so difficult to get work done. AFAIK, other projects have full-fledged private bug trackers for their security issues (or access-restricted sections in the main bug tracker, where the software supports it). Regards Antoine.
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4