On Thu, Nov 11, 2010 at 11:37 AM, Paul McMillan <p...@mcmillan.ws> wrote: > In general, it would be helpful to have an auto-responder on that > address (so we know our reports didn't end up in a spambox), and a > more specific timeframe for expected response noted on the website. > It's great to have the list, but if a response really is going to take > a week, it would be helpful to note that somewhere so reporters don't > worry that their report has gone to a black hole.
I'd argue that an autoresponder is almost exactly what we *don't* need. An autoreponder can give the illusion of that a message has been received when it's really just a robot going through the motions. The worst possible situation would be an autoreponse message that says "We're looking into it" when the message has actually fallen into the bit bucket. The real solution here is to make sure that the security mailing list is sufficiently well staffed that no message goes 24 hours without getting a response from a live human being. We (the core team) are aware that responses haven't been as prompt as they should be over the last 6 months or so, and we're looking into ways of improving this situation. Yours, Russ Magee %-) -- You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to django-develop...@googlegroups.com. To unsubscribe from this group, send email to django-developers+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-developers?hl=en.