Closed JacobCoffee closed 1 month ago
This PR will add links for all repos under https://github.com/python to the security policy:
The policy at https://www.python.org/dev/security/ says it only covers official CPython and pip.
It doesn't mention other projects under https://github.com/python, such as mypy, blurb, pyperformance and tzdata: https://github.com/orgs/python/repositories?type=all
I think it's reasonable to include those, but let's ask the PSRT first.
Yes, it would show up on all repos under https://github.com/python.
I've asked the PSRT to confirm they're fine with it, and a couple of mypy maintainers said they'd be happy to receive reports via the PSRT. (Mypy being the most likely to receive security reports.)
Any news @hugovk ?
It was generally positive but nothing definitive so I've asked again.
Do I need to merge this? I don't mind, just don't want to step on anyones toes.
Go for it!
What
Why
See Also
https://github.com/python/pythondotorg/pull/2417