-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Guido van Rossum napsal(a): > I think we may have to expand our selection creteria, since the > existing approach has led to a small PSRT whose members are all too > busy to do the necessary legwork. At the same time we need to remain > selective -- I don't think having a crowd of hundreds would be > productive, and we need to be sure that every single member can > absolutely be trusted to take security seriously.
of course > > To answer your question directly, I don't think that just being the > Python maintainer for some Linux distribution is enough to qualify -- > if our process worked well enough, you'd be getting the patches from > us via some downstream-flowing distribution mechanism that reaches > only trusted people within each vendor organization. I don't happen to Thanks for your answer. I guess the process is the real problem then. - From what i could observe, the connection between vendor-sec and PSRT is not really working as it should. (And then of course you need some kind of upstream flow too, because not everyone reports to PSRT.) > know you personally -- but perhaps other current members of the PSRT > do and that could be enough to secure an invitation. > No, i don't think that i'm known well enough to earn the invitation (yet), this was more of a "so how the hell does it really work" question. regards, jan matejek -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iEYEARECAAYFAkjiDSUACgkQjBrWA+AvBr+zVwCfRGPsDUjREfUKBk7/9yzxDTRN egUAoLQlQe1qJHU9IkbigpevDme6OqwT =BYl7 -----END PGP SIGNATURE----- _______________________________________________ Python-Dev mailing list Python-Dev@python.org http://mail.python.org/mailman/listinfo/python-dev Unsubscribe: http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
