Fixed #20868 -- Added an email to django-announce as a security step.
Thanks garrison for the report.
This commit is contained in:
Tim Graham
parent
db0779dbe1
commit
5737c57d95
|
|
@ -108,8 +108,12 @@ On the day of disclosure, we will take the following steps:
|
||||||
relevant patches and new releases, and crediting the reporter of
|
relevant patches and new releases, and crediting the reporter of
|
||||||
the issue (if the reporter wishes to be publicly identified).
|
the issue (if the reporter wishes to be publicly identified).
|
||||||
|
|
||||||
|
4. Post a notice to the `django-announce`_ mailing list that links to the blog
|
||||||
|
post.
|
||||||
|
|
||||||
.. _the Python Package Index: http://pypi.python.org/pypi
|
.. _the Python Package Index: http://pypi.python.org/pypi
|
||||||
.. _the official Django development blog: https://www.djangoproject.com/weblog/
|
.. _the official Django development blog: https://www.djangoproject.com/weblog/
|
||||||
|
.. _django-announce: http://groups.google.com/group/django-announce
|
||||||
|
|
||||||
If a reported issue is believed to be particularly time-sensitive --
|
If a reported issue is believed to be particularly time-sensitive --
|
||||||
due to a known exploit in the wild, for example -- the time between
|
due to a known exploit in the wild, for example -- the time between
|
||||||
|
|
@ -214,4 +218,4 @@ If you are added to the notification list, security-related emails
|
||||||
will be sent to you by Django's release manager, and all notification
|
will be sent to you by Django's release manager, and all notification
|
||||||
emails will be signed with the same key used to sign Django releases;
|
emails will be signed with the same key used to sign Django releases;
|
||||||
that key has the ID ``0x3684C0C08C8B2AE1``, and is available from most
|
that key has the ID ``0x3684C0C08C8B2AE1``, and is available from most
|
||||||
commonly-used keyservers.
|
commonly-used keyservers.
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue