On 05/20/2015 10:10 PM, Markus Holtermann wrote:
> Today the Django team issued Django 1.8.2 as part of our security process.
> This releases address a security issue, and we encourage all users to
> upgrade as soon as possible.
> 
> More details can be found on our blog:
> 
> https://www.djangoproject.com/weblog/2015/may/20/security-release/
> 
> As a reminder, we ask that potential security issues be reported via
> private email to [email protected], and not via Django's Trac
> instance or the django-developers list. Please see
> https://www.djangoproject.com/security for further information.
> 

Hi Markus,

first at all thank you very much that you are so kind to inform us about
django advisories, its appreciated to get informed...

But after a while we realized that (besides our mailing list) we do not
see any email notifications. You should consider to send this advisory
announcement to [email protected] instead of posting it to
the arch (only) security list.

The reason behind this is that we think oss-security is a better place
to inform a wider range of people about django advisories.
In general we try not to become a mirror or rival to general security
and advisory announcing mailinglists. We are watching / monitoring the
oss-security list, so for the Arch Linux package mitigation point of
view there will be no difference in posting it to oss-security. I'm sure
a lot of non Arch Linux related people will appreciate it to get
informed there.

cheers,
Levente

Attachment: signature.asc
Description: OpenPGP digital signature

Reply via email to