[1.6.x] Fixed #20868 -- Added an email to django-announce as a security step.

Thanks garrison for the report.

Backport of 5737c57d95 from master
This commit is contained in:
Tim Graham 2013-08-09 16:02:05 -04:00
parent 7c5d43eea0
commit 2cd1439c06
1 changed files with 5 additions and 1 deletions

View File

@ -106,8 +106,12 @@ On the day of disclosure, we will take the following steps:
relevant patches and new releases, and crediting the reporter of relevant patches and new releases, and crediting the reporter of
the issue (if the reporter wishes to be publicly identified). the issue (if the reporter wishes to be publicly identified).
4. Post a notice to the `django-announce`_ mailing list that links to the blog
post.
.. _the Python Package Index: http://pypi.python.org/pypi .. _the Python Package Index: http://pypi.python.org/pypi
.. _the official Django development blog: https://www.djangoproject.com/weblog/ .. _the official Django development blog: https://www.djangoproject.com/weblog/
.. _django-announce: http://groups.google.com/group/django-announce
If a reported issue is believed to be particularly time-sensitive -- If a reported issue is believed to be particularly time-sensitive --
due to a known exploit in the wild, for example -- the time between due to a known exploit in the wild, for example -- the time between
@ -212,4 +216,4 @@ If you are added to the notification list, security-related emails
will be sent to you by Django's release manager, and all notification will be sent to you by Django's release manager, and all notification
emails will be signed with the same key used to sign Django releases; emails will be signed with the same key used to sign Django releases;
that key has the ID ``0x3684C0C08C8B2AE1``, and is available from most that key has the ID ``0x3684C0C08C8B2AE1``, and is available from most
commonly-used keyservers. commonly-used keyservers.