anatoly techtonik <techto...@gmail.com> added the comment: Eric, interested parties will not fill CVE or DSA requests. They will just steal the pass of PyPI uploaders and use it to inject malicious code into popular packages.
If you need a CVE or DSA to evaluate if an issue imposes a security risk, then better leave this task to somebody else. ---------- type: behavior -> security _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue9995> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
