summaryrefslogtreecommitdiff
path: root/docs/internals
diff options
context:
space:
mode:
authorTim Graham <timograham@gmail.com>2013-08-09 16:02:05 -0400
committerTim Graham <timograham@gmail.com>2013-08-09 16:02:54 -0400
commit2cd1439c06b2834942545a5679fa50691a736d50 (patch)
treef926569c540f8457417778cea57708b27fee6b07 /docs/internals
parent7c5d43eea0d48f1c521c8f16b2d713b222407f90 (diff)
[1.6.x] Fixed #20868 -- Added an email to django-announce as a security step.
Thanks garrison for the report. Backport of 5737c57d95 from master
Diffstat (limited to 'docs/internals')
-rw-r--r--docs/internals/security.txt6
1 files changed, 5 insertions, 1 deletions
diff --git a/docs/internals/security.txt b/docs/internals/security.txt
index 7121ff31ec..96e1141066 100644
--- a/docs/internals/security.txt
+++ b/docs/internals/security.txt
@@ -106,8 +106,12 @@ On the day of disclosure, we will take the following steps:
relevant patches and new releases, and crediting the reporter of
the issue (if the reporter wishes to be publicly identified).
+4. Post a notice to the `django-announce`_ mailing list that links to the blog
+ post.
+
.. _the Python Package Index: http://pypi.python.org/pypi
.. _the official Django development blog: https://www.djangoproject.com/weblog/
+.. _django-announce: http://groups.google.com/group/django-announce
If a reported issue is believed to be particularly time-sensitive --
due to a known exploit in the wild, for example -- the time between
@@ -212,4 +216,4 @@ If you are added to the notification list, security-related emails
will be sent to you by Django's release manager, and all notification
emails will be signed with the same key used to sign Django releases;
that key has the ID ``0x3684C0C08C8B2AE1``, and is available from most
-commonly-used keyservers. \ No newline at end of file
+commonly-used keyservers.