p31829507
/
django
mirror of https://github.com/django/django.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Rephrased the docs for reporting security issues to make it less intimidating.

This commit is contained in:
Loic Bistuer 2013-07-16 17:14:16 +07:00
parent 862a04a56d
commit aff0aa3af8
1 changed files with 7 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
docs/internals/security.txt
View File

@ -19,7 +19,7 @@ security@djangoproject.com**.
Most normal bugs in Django are reported to `our public Trac
instance`_, but due to the sensitive nature of security issues, we ask
that they *not* be publicly reported in this fashion.
that they **not** be publicly reported in this fashion.
Instead, if you believe you've found something in Django which has
security implications, please send a description of the issue via
@ -28,15 +28,17 @@ reaches a subset of the core development team, who can forward
security issues into the private committers' mailing list for broader
discussion if needed.
You can send encrypted email to this address; the public key ID for
``security@djangoproject.com`` is ``0xfcb84b8d1d17f80b``, and this
public key is available from most commonly-used keyservers.
Once you've submitted an issue via email, you should receive an
acknowledgment from a member of the Django development team within 48
hours, and depending on the action to be taken, you may receive
further followup emails.
.. note::
If you want to send an encrypted email (*optional*), the public key ID for
``security@djangoproject.com`` is ``0xfcb84b8d1d17f80b``, and this public
key is available from most commonly-used keyservers.
.. _our public Trac instance: https://code.djangoproject.com/query
.. _security-support: