Re: disclosing security release dates on django-announce

2016-10-10 Thread Tim Graham
Thanks, I added that to the PR.
On Monday, October 10, 2016 at 3:43:09 PM UTC-4, Alex_Gaynor wrote:
>
> We already have one :-), our bounty indicates several severity levels:
> https://hackerone.com/django
>
> Alex
>
> On Mon, Oct 10, 2016 at 3:40 PM, Tim Graham wrote:
>
>> Providing an indica

Re: disclosing security release dates on django-announce

2016-10-10 Thread Alex Gaynor
We already have one :-), our bounty indicates several severity levels:
https://hackerone.com/django
Alex
On Mon, Oct 10, 2016 at 3:40 PM, Tim Graham wrote:
> Providing an indication of severity would be fine with me. Does anyone
> know of other web frameworks that have descriptions of severity

Re: disclosing security release dates on django-announce

2016-10-10 Thread Tim Graham
Providing an indication of severity would be fine with me. Does anyone know of other web frameworks that have descriptions of severity classifications that we could borrow?
On Saturday, October 8, 2016 at 11:26:06 AM UTC-4, Shai Berger wrote:
>
> On Friday 07 October 2016 19:47:38 Markus Holterm

Re: disclosing security release dates on django-announce

2016-10-08 Thread Shai Berger
On Friday 07 October 2016 19:47:38 Markus Holtermann wrote:
> On Friday, October 7, 2016 at 4:58:00 PM UTC+2, Tim Graham wrote:
> > The Django team proposes [0] to add the following to the security policy:
> >
> > Approximately one week before public disclosure, ...
> > we notify django-announce [

Re: disclosing security release dates on django-announce

2016-10-07 Thread Markus Holtermann
While we haven't decided on any particular format, you can expect the announcements to look a bit like https://mta.openssl.org/pipermail/openssl-announce/2016-September/76.html
/Markus
On Friday, October 7, 2016 at 4:58:00 PM UTC+2, Tim Graham wrote:
>
> The Django team proposes [0] to add

disclosing security release dates on django-announce

2016-10-07 Thread Tim Graham
The Django team proposes [0] to add the following to the security policy: Approximately one week before public disclosure, ... we notify django-announce [1] of the date and approximate time of the upcoming security release. No information about the issues is given. This is to aid organizations t