[arch-security] Fw: Django security release issued (1.8.2)
Levente Polyak
anthraxx at archlinux.org
Thu May 21 14:32:58 UTC 2015
On 05/20/2015 10:10 PM, Markus Holtermann wrote:
> Today the Django team issued Django 1.8.2 as part of our security process.
> This releases address a security issue, and we encourage all users to
> upgrade as soon as possible.
>
> More details can be found on our blog:
>
> https://www.djangoproject.com/weblog/2015/may/20/security-release/
>
> As a reminder, we ask that potential security issues be reported via
> private email to security at djangoproject.com, and not via Django's Trac
> instance or the django-developers list. Please see
> https://www.djangoproject.com/security for further information.
>
Hi Markus,
first at all thank you very much that you are so kind to inform us about
django advisories, its appreciated to get informed...
But after a while we realized that (besides our mailing list) we do not
see any email notifications. You should consider to send this advisory
announcement to oss-security at lists.openwall.com instead of posting it to
the arch (only) security list.
The reason behind this is that we think oss-security is a better place
to inform a wider range of people about django advisories.
In general we try not to become a mirror or rival to general security
and advisory announcing mailinglists. We are watching / monitoring the
oss-security list, so for the Arch Linux package mitigation point of
view there will be no difference in posting it to oss-security. I'm sure
a lot of non Arch Linux related people will appreciate it to get
informed there.
cheers,
Levente
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <https://lists.archlinux.org/pipermail/arch-security/attachments/20150521/bb42bb3f/attachment.asc>
More information about the arch-security
mailing list