Providing an indication of severity would be fine with me. Does anyone know of other web frameworks that have descriptions of severity classifications that we could borrow?
On Saturday, October 8, 2016 at 11:26:06 AM UTC-4, Shai Berger wrote: > > On Friday 07 October 2016 19:47:38 Markus Holtermann wrote: > > On Friday, October 7, 2016 at 4:58:00 PM UTC+2, Tim Graham wrote: > > > The Django team proposes [0] to add the following to the security > policy: > > > > > > Approximately one week before public disclosure, ... > > > we notify django-announce [1] of the date and approximate time of the > > > upcoming security release. No information about the issues is given. > [...] > > > > While we haven't decided of any particular format, you can expect the > > announcements to look a bit like > > > https://mta.openssl.org/pipermail/openssl-announce/2016-September/000076.html > > > > with nitpicking(): > this example does give some information about the issues -- the > number of > issues and an assessment of their severitly level. I believe it is > a good > example to follow. > > Shai. > -- You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-developers+unsubscr...@googlegroups.com. To post to this group, send email to django-developers@googlegroups.com. Visit this group at https://groups.google.com/group/django-developers. To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/41d3c6cc-76d6-4e10-aed6-5f1cb0d85f3f%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
