security@ seems like the right address, since at a minimum we have all the people who'll know where to route the issue to.
Alex On Thu, Jun 19, 2014 at 6:32 PM, Benjamin Peterson <benja...@python.org> wrote: > On Thu, Jun 19, 2014, at 18:23, Antoine Pitrou wrote: > > > > > > Le 19/06/2014 21:13, Nick Coghlan a écrit : > > > A colleague spotted a possible security issue with one of the CPython > > > workflow tools (specifically with the configuration of our > > > installation, rather than with the upstream project), and would like > > > to know where to report it securely. > > > > > > Currently the developer guide covers CPython itself > > > (secur...@python.org), and infrastruct...@python.org is the likely > > > place for the main PSF infrastructure, but it isn't clear where such > > > problems with the CPython worfklow tools should be reported. > > > > I think security@ is fine. > > infrastructure@ is not, since anyone can read it. > > There's also infrastructure-st...@python.org, which is private, but they > don't own much of the CPython developer infra. If it's the tracker, for > example, you're better off emailing Martin/bitdancer/Ezio privately. > _______________________________________________ > python-committers mailing list > python-committers@python.org > https://mail.python.org/mailman/listinfo/python-committers > -- "I disapprove of what you say, but I will defend to the death your right to say it." -- Evelyn Beatrice Hall (summarizing Voltaire) "The people's good is the highest law." -- Cicero GPG Key fingerprint: 125F 5C67 DFE9 4084
_______________________________________________ python-committers mailing list python-committers@python.org https://mail.python.org/mailman/listinfo/python-committers
