On Sat, Jul 15, 2023 at 1:02 PM Dieter Maurer <die...@handshake.de> wrote:
>
> I am active in the `Zope` community (a web application server
> based on Python). This community has a security mailing list
> for security related reports
> and issues public CVE (= "Common Vulnerabilities and Exposures") reports
> (via a "GitHub" service) as soon as a security risk has been resolved.
>
> I expect that security risks for Python itself are handled in
> a similar way (as, Python too, maintains its code on "GitHub").

Yes, the Python community does have a security mailing list, but as I noted earlier, it appears to be moribund. And yes, the cpython GitHub repository does have a security tab, but it reports "There aren’t any published security advisories."

> ...
> For details about CVE, read
> "https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures".

Thanks for the link, Dieter. I found the NIST search interface to be buggy, and there doesn't seem to be a way to search the Mitre site effectively to get vulnerabilities just for the Python language and standard libraries. I've downloaded the entire corpus of JSON CVEs and I'm digging into what would be involved in querying it myself.

Cheers,
Bob
--
https://mail.python.org/mailman/listinfo/python-list