Skip to content
Browse files

[1.6.x] Fixed #20868 -- Added an email to django-announce as a securi…

…ty step.

Thanks garrison for the report.

Backport of 5737c57 from master
  • Loading branch information...
1 parent 7c5d43e commit 2cd1439c06b2834942545a5679fa50691a736d50 @timgraham timgraham committed
Showing with 5 additions and 1 deletion.
  1. +5 −1 docs/internals/security.txt
6 docs/internals/security.txt
@@ -106,8 +106,12 @@ On the day of disclosure, we will take the following steps:
relevant patches and new releases, and crediting the reporter of
the issue (if the reporter wishes to be publicly identified).
+4. Post a notice to the `django-announce`_ mailing list that links to the blog
+ post.
.. _the Python Package Index:
.. _the official Django development blog:
+.. _django-announce:
If a reported issue is believed to be particularly time-sensitive --
due to a known exploit in the wild, for example -- the time between
@@ -212,4 +216,4 @@ If you are added to the notification list, security-related emails
will be sent to you by Django's release manager, and all notification
emails will be signed with the same key used to sign Django releases;
that key has the ID ``0x3684C0C08C8B2AE1``, and is available from most
-commonly-used keyservers.
+commonly-used keyservers.

0 comments on commit 2cd1439

Please sign in to comment.
Something went wrong with that request. Please try again.