On Thu, 23 Feb 2017 23:51:45 -0800 Benjamin Peterson <benja...@python.org> wrote: > > Like all CPython developers, the Python security team are all > volunteers. That combined with the fact that dealing with security > issues is one of the least fun programming tasks means issues are > sometimes dropped. > > Perhaps some organization with a stake Python security would like to > financially support Python security team members. > > As for this, particular issue, we should determine if there's a tracker > issue yet and continue discussion there.
Just for the record, I find the mailing-list scheme used by PSRT quite difficult to deal with. For many people it's easy to lose track of e-mails received more than one week ago, so the necessary followup to security issues received by e-mail suffers. It's a bit sad that regular issues benefit from a full-fledged Roundup instance to allow for easy tracking of open issues (including comments and proposed fixes), but security issues are restricted to such a primitive communication setup which makes it so difficult to get work done. AFAIK, other projects have full-fledged private bug trackers for their security issues (or access-restricted sections in the main bug tracker, where the software supports it). Regards Antoine. _______________________________________________ Python-Dev mailing list Python-Dev@python.org https://mail.python.org/mailman/listinfo/python-dev Unsubscribe: https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
