Disclaimer: I am not a maintainer and don't speak for them.

But wow! This is blunt. So your company is making good money using free products, supported by volunteers.
If the solicitation is mission critical, it would be a good idea to convince your management to spend some budget on supporting the pylint maintainers instead of demanding quick action. Maybe you could rephrase like: "whom should I contact, is there anybody we can hire to do this for us?"

This does, however, happen to be one of the problems I came in touch with on my day job: SOUP (software of unknown provenance) management in medical software. And most open source we use is not maintained with processes that fit these strict regulations (iec16304). It would be great if the industry could start a funded registry of these free tools, and support the maintainers with money and advice. On the other hand, these heavyweight processes could hamper experimentation and evolution when not managed properly.

Some partial solutions do exist already: one example (I googled for 'cve pylint') could be snyk: https://security.snyk.io/package/pip/pylint

On Sat, 7 Jan 2023, 02:17 Bird, Kurt, <kurt.b...@gd-ms.ca> wrote:

> Dear Pylint Maintainers,
>
> GDMS-C is preparing a response to a Government of Canada solicitation and
> is considering identifying the following products in the work environment
> for the proposed solution;
>
> - Pylint v2.*
>
> As a requirement of the solicitation, GDMS-C is required to submit a list
> of the five (5) latest vulnerabilities for the products listed above.
> Please consider this request and complete the attached form for the
> products listed.
>
> The proposal response is due shortly and as such GDMS-C would appreciate
> your response by no later than Close of Business (COB) on January 13, 2023.
>
> Thank you in advance for your assistance, please advise if you require any
> further assistance or do not foresee meeting the requested due date.
>
> Best regards,
>
> *Kurt Bird Scrum Master, LCSS DevOps General Dynamics Mission Systems-Canada*
>
> *(403)-730-1206*
>
> “This message and/or attachments may include information subject to GD
> Corporate Policies and is intended to be accessed only by authorized
> recipients. Use, storage and transmission are governed by General Dynamics
> and its policies. Contractual restrictions apply to third parties.
> Recipients should refer to the policies or contract to determine proper
> handling. Unauthorized review, use, disclosure or distribution is
> prohibited. If you are not an intended recipient, please contact the sender
> and destroy all copies of the original message.”
> _______________________________________________
> code-quality mailing list -- code-quality@python.org
> To unsubscribe send an email to code-quality-le...@python.org
> https://mail.python.org/mailman3/lists/code-quality.python.org/
> Member address: kristoffel.pir...@gmail.com