On Sun, Sep 28, 2008 at 6:39 AM, Steve Holden <[EMAIL PROTECTED]> wrote:
> Brett Cannon wrote:
>> On Sat, Sep 27, 2008 at 8:54 AM, Victor Stinner
>> <[EMAIL PROTECTED]> wrote:
>>> Hi,
>>>
>>> I would like to know if a Python security team does exist. I sent an email
>>> about an imageop issue, and I didn't get any answer. Later I learned that a
>>> security ticket was created, I don't have access to it.
>>>
>>
>> Yes, the PSRT (Python Security Response Team) does exist. We did get
>> your email; sorry we didn't respond. There are very few members on
>> that list and most of them are extremely busy. Responding to your
>> email just slipped through the cracks. I believe Benjamin was the last
>> person to work on your submitted patch.
>>
> [...]
>
> If we don't have a documented procedure, or if we do have a procedure
> and it isn't being followed, we can't be said to be taking security
> seriously, which I would find disappointing. This is one of the few
> areas where we probably *do* need to be meticulous, and the absence of a
> reply to a security report isn't really satisfactory.
>
> Perhaps if the PSF does eventually hire some paid help, running the
> secretarial and administrative portions of the security team would help
> the busy members to avoid such issues dropping through the cracks in future.
>

That actually would be extremely beneficial since as of right now a big
problem we have is writing up the official announcement that some
security issue has been plugged and then sticking up the patches
online for people to download.

-Brett