New submission from Stephen Turnbull <[email protected]>: Python's documentation should make it clear at the most important entry points that the appropriate place to report possible security issues is [email protected], not the tracker. In particular, the tracker's top page (the one you get from http://bugs.python.org/) should make that clear. See the News/Security Advisories on Python's main pages and Brian Curtin's 2011-04-14 post for reasonable descriptions of the de facto policy.
The Tracker documentation probably should be updated with this as well. It might be a good idea to have a way for triagers to suppress display of security issues by classifying them as security (eg, via priority, keyword, or possibly even resolution). Xref thread starting at http://mail.python.org/pipermail/python-dev/2011-April/110722.html. ---------- messages: 2013 nosy: stephen priority: bug status: unread title: Security policy should be visible on top page of tracker, maybe every page _______________________________________________________ PSF Meta Tracker <[email protected]> <http://psf.upfronthosting.co.za/roundup/meta/issue393> _______________________________________________________ _______________________________________________ Tracker-discuss mailing list [email protected] http://mail.python.org/mailman/listinfo/tracker-discuss
