From 5737c57d95cc8c17b1aa2da4809f70ad4c212716 Mon Sep 17 00:00:00 2001 From: Tim Graham Date: Fri, 9 Aug 2013 16:02:05 -0400 Subject: [PATCH] Fixed #20868 -- Added an email to django-announce as a security step. Thanks garrison for the report. --- docs/internals/security.txt | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/docs/internals/security.txt b/docs/internals/security.txt index 486b2c9968..327a6a5f60 100644 --- a/docs/internals/security.txt +++ b/docs/internals/security.txt @@ -108,8 +108,12 @@ On the day of disclosure, we will take the following steps: relevant patches and new releases, and crediting the reporter of the issue (if the reporter wishes to be publicly identified). +4. Post a notice to the `django-announce`_ mailing list that links to the blog + post. + .. _the Python Package Index: http://pypi.python.org/pypi .. _the official Django development blog: https://www.djangoproject.com/weblog/ +.. _django-announce: http://groups.google.com/group/django-announce If a reported issue is believed to be particularly time-sensitive -- due to a known exploit in the wild, for example -- the time between @@ -214,4 +218,4 @@ If you are added to the notification list, security-related emails will be sent to you by Django's release manager, and all notification emails will be signed with the same key used to sign Django releases; that key has the ID ``0x3684C0C08C8B2AE1``, and is available from most -commonly-used keyservers. \ No newline at end of file +commonly-used keyservers.