Message287568
It does not appear to me that targets have to be security critical, though that is certainly a good place to start. The Chrome tests found 100s of "security vulnerabilities and stability bugs".
The important thing is that there be someone willing to receive and act on reports. Would 'make public after 90 days' ever be a problem? AFAIK, most Python security issues are already public here on the tracker from day 1. |
|
Date |
User |
Action |
Args |
2017-02-10 19:34:11 | terry.reedy | set | recipients:
+ terry.reedy, brett.cannon, gregory.p.smith, christian.heimes |
2017-02-10 19:34:11 | terry.reedy | set | messageid: <1486755251.89.0.967335276802.issue29505@psf.upfronthosting.co.za> |
2017-02-10 19:34:11 | terry.reedy | link | issue29505 messages |
2017-02-10 19:34:11 | terry.reedy | create | |
|