Document where security issues should be reported #11037

Closed
1 task done
pradyunsg opened this issue Apr 14, 2022 · 6 comments
Labels
type: docs Documentation related

Comments

@pradyunsg
Member

What's the problem this feature will solve?

It’s unclear to users/researchers where they should report security issues in pip.

Describe the solution you'd like

Document that they should email security@python.org with their report and reproducer.

Alternative Solutions

Not documenting it, or listing specific maintainers as security contacts.

Additional context

#11033

Code of Conduct

@pradyunsg pradyunsg added the type: docs Documentation related label Apr 14, 2022
@pradyunsg
Member Author

Also discussed in #10928

@sandeepkiran-js
Contributor

Is this issue still open for contribution? Changes in documentation to add a contact for reporting security issues.

@pradyunsg
Member Author

Yes, we need to document that security issues should be reported to security@python.org

@sandeepkiran-js
Contributor

This is my first contribution, so should I make changes in https://github.com/pypa/pip/blob/main/docs/html/index.md?

Old content:
< end of file >
If you find bugs, need help, or want to talk to the developers, use our mailing lists or chat rooms:

GitHub Issues
Discourse channel
User IRC
Development IRC

New content:

If you find bugs, need help, or want to talk to the developers, use our mailing lists or chat rooms:

GitHub Issues
Discourse channel
User IRC
Development IRC

< new content here>
If you find any security issues, please report to security@python.org

@sandeepkiran-js
Contributor

@pradyunsg, Pull Request: #11140

@uranusjr
Member

I guess this can be closed now

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Jun 23, 2022