Skip to content
This repository

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse code

Fixed #20868 -- Added an email to django-announce as a security step.

Thanks garrison for the report.
  • Loading branch information...
commit 5737c57d95cc8c17b1aa2da4809f70ad4c212716 1 parent db0779d
Tim Graham authored

Showing 1 changed file with 5 additions and 1 deletion. Show diff stats Hide diff stats

  1. 6  docs/internals/security.txt
6  docs/internals/security.txt
@@ -108,8 +108,12 @@ On the day of disclosure, we will take the following steps:
108 108
    relevant patches and new releases, and crediting the reporter of
109 109
    the issue (if the reporter wishes to be publicly identified).
110 110
 
  111
+4. Post a notice to the `django-announce`_ mailing list that links to the blog
  112
+   post.
  113
+
111 114
 .. _the Python Package Index: http://pypi.python.org/pypi
112 115
 .. _the official Django development blog: https://www.djangoproject.com/weblog/
  116
+.. _django-announce: http://groups.google.com/group/django-announce
113 117
 
114 118
 If a reported issue is believed to be particularly time-sensitive --
115 119
 due to a known exploit in the wild, for example -- the time between
@@ -214,4 +218,4 @@ If you are added to the notification list, security-related emails
214 218
 will be sent to you by Django's release manager, and all notification
215 219
 emails will be signed with the same key used to sign Django releases;
216 220
 that key has the ID ``0x3684C0C08C8B2AE1``, and is available from most
217  
-commonly-used keyservers.
  221
+commonly-used keyservers.

0 notes on commit 5737c57

Please sign in to comment.
Something went wrong with that request. Please try again.