New submission from Stephen Turnbull <step...@xemacs.org>: Python's documentation should make it clear at the most important entry points that the appropriate place to report possible security issues is secur...@python.org, not the tracker. In particular, the tracker's top page (the one you get from http://bugs.python.org/) should make that clear. See the News/Security Advisories on Python's main pages and Brian Curtin's 2011-04-14 post for reasonable descriptions of the de facto policy.
The Tracker documentation probably should be updated with this as well. It might be a good idea to have a way for triagers to suppress display of security issues by classifying them as security (eg, via priority, keyword, or possibly even resolution). Xref thread starting at http://mail.python.org/pipermail/python-dev/2011-April/110722.html. ---------- messages: 2013 nosy: stephen priority: bug status: unread title: Security policy should be visible on top page of tracker, maybe every page _______________________________________________________ PSF Meta Tracker <metatrac...@psf.upfronthosting.co.za> <http://psf.upfronthosting.co.za/roundup/meta/issue393> _______________________________________________________ _______________________________________________ Tracker-discuss mailing list Tracker-discuss@python.org http://mail.python.org/mailman/listinfo/tracker-discuss
