Hello,

We're handling security through Tidelift, you can contact them directly:
https://tidelift.com/subscription/pkg/pypi-pylint?utm_source=pypi-pylint&utm_medium=code_quality_mailing_list

You can also sponsor one of the pylint maintainers and ask them directly at:
https://github.com/sponsors/DanielNoord
https://github.com/sponsors/Pierre-Sassoulas

Best regards,

On Sun, 8 Jan 2023 at 08:49, Kristoffel Pirard <kristoffel.pir...@gmail.com> wrote:

> Disclaimer: I am not a maintainer and don't speak for them
>
> But Wow! This is blunt. So your company is making good money using free
> products, supported by volunteers.
>
> If the solicitation is mission critical, it would be a good idea to
> convince your management to spend some budget on supporting the pylint
> maintainers instead of demanding quick action.
>
> Maybe you could rephrase like: "whom should I contact, is there anybody we
> can hire to do this for us?"
>
> This does, however, happen to be one of the problems I came in touch with
> on my day job: SOUP (software of unknown provenance) management in
> medical software. And most open source we use is not maintained with
> processes that fit these strict regulations (iec16304).
>
> It would be great if the industry could start a funded registry of these
> free tools, and support the maintainers with money and advice. On the other
> hand, these heavyweight processes could hamper experimentation and
> evolution when not managed properly.
>
> Some partial solutions do exist already: one example (I googled for 'cve
> pylint') could be snyk:
>
> https://security.snyk.io/package/pip/pylint
>
> On Sat, 7 Jan 2023, 02:17 Bird, Kurt, <kurt.b...@gd-ms.ca> wrote:
>
>> Dear Pylint Maintainers,
>>
>> GDMS-C is preparing a response to a Government of Canada solicitation and
>> is considering identifying the following products in the work environment
>> for the proposed solution;
>>
>> - Pylint v2.*
>>
>> As a requirement of the solicitation, GDMS-C is required to submit a list
>> of the five (5) latest vulnerabilities for the products listed above.
>> Please consider this request and complete the attached form for the
>> products listed.
>>
>> The proposal response is due shortly and as such GDMS-C would appreciate
>> your response by no later than Close of Business (COB) on January 13, 2023.
>>
>> Thank you in advance for your assistance, please advise if you require
>> any further assistance or do not foresee meeting the requested due date.
>>
>> Best regards,
>>
>> *Kurt Bird Scrum Master, LCSS DevOps General Dynamics Mission
>> Systems-Canada*
>>
>> *(403)-730-1206*
>>
>> “This message and/or attachments may include information subject to GD
>> Corporate Policies and is intended to be accessed only by authorized
>> recipients. Use, storage and transmission are governed by General Dynamics
>> and its policies. Contractual restrictions apply to third parties.
>> Recipients should refer to the policies or contract to determine proper
>> handling. Unauthorized review, use, disclosure or distribution is
>> prohibited. If you are not an intended recipient, please contact the sender
>> and destroy all copies of the original message.”
>> _______________________________________________
>> code-quality mailing list -- code-quality@python.org
>> To unsubscribe send an email to code-quality-le...@python.org
>> https://mail.python.org/mailman3/lists/code-quality.python.org/
>> Member address: kristoffel.pir...@gmail.com