On 05/20/2015 10:10 PM, Markus Holtermann wrote: > Today the Django team issued Django 1.8.2 as part of our security process. > This releases address a security issue, and we encourage all users to > upgrade as soon as possible. > > More details can be found on our blog: > > https://www.djangoproject.com/weblog/2015/may/20/security-release/ > > As a reminder, we ask that potential security issues be reported via > private email to [email protected], and not via Django's Trac > instance or the django-developers list. Please see > https://www.djangoproject.com/security for further information. >
Hi Markus, first at all thank you very much that you are so kind to inform us about django advisories, its appreciated to get informed... But after a while we realized that (besides our mailing list) we do not see any email notifications. You should consider to send this advisory announcement to [email protected] instead of posting it to the arch (only) security list. The reason behind this is that we think oss-security is a better place to inform a wider range of people about django advisories. In general we try not to become a mirror or rival to general security and advisory announcing mailinglists. We are watching / monitoring the oss-security list, so for the Arch Linux package mitigation point of view there will be no difference in posting it to oss-security. I'm sure a lot of non Arch Linux related people will appreciate it to get informed there. cheers, Levente
signature.asc
Description: OpenPGP digital signature
