Ask the infrastructure team for a tracker instance. That would probably be more fruitful of an outlet than in the thread of this one issue. (I'm not trying to be flippant, I think a private issue tracker for vulnerabilities is a really good idea, I just don't think that bemoaning the lack of one in a thread about an FTP issue is likely to get much done.)
> -----Original Message----- > From: Python-Dev [mailto:python-dev-bounces+tritium- > list=sdamon....@python.org] On Behalf Of Antoine Pitrou > Sent: Friday, February 24, 2017 5:02 AM > To: python-dev@python.org > Subject: Re: [Python-Dev] Python FTP Injections Allow for Firewall Bypass > (oss-security advisory) > > On Thu, 23 Feb 2017 23:51:45 -0800 > Benjamin Peterson <benja...@python.org> wrote: > > > > Like all CPython developers, the Python security team are all > > volunteers. That combined with the fact that dealing with security > > issues is one of the least fun programming tasks means issues are > > sometimes dropped. > > > > Perhaps some organization with a stake Python security would like to > > financially support Python security team members. > > > > As for this, particular issue, we should determine if there's a tracker > > issue yet and continue discussion there. > > Just for the record, I find the mailing-list scheme used by PSRT quite > difficult to deal with. For many people it's easy to lose track of > e-mails received more than one week ago, so the necessary followup to > security issues received by e-mail suffers. > > It's a bit sad that regular issues benefit from a full-fledged > Roundup instance to allow for easy tracking of open issues (including > comments and proposed fixes), but security issues are restricted to such > a primitive communication setup which makes it so difficult to get work > done. > > AFAIK, other projects have full-fledged private bug trackers for their > security issues (or access-restricted sections in the main bug tracker, > where the software supports it). > > Regards > > Antoine. > > > _______________________________________________ > Python-Dev mailing list > Python-Dev@python.org > https://mail.python.org/mailman/listinfo/python-dev > Unsubscribe: https://mail.python.org/mailman/options/python-dev/tritium- > list%40sdamon.com _______________________________________________ Python-Dev mailing list Python-Dev@python.org https://mail.python.org/mailman/listinfo/python-dev Unsubscribe: https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
