How the Django team handles security

Posted by Adrian Holovaty on August 10, 2006

In the wake of the Ruby on Rails mandatory security patch and its awkward handling, we've been discussing how we can avoid such a problem in the Django community.

In case you haven't seen it, our How to contribute to Django document has a Reporting security issues section, which describes our policy. Take the 30 seconds to read that.

In addition to that policy, which we've had for a while, today we created a django-announce mailing list. It's a low-traffic, announcement-only mailing list. We'll send a message to it for new Django releases, significant feature additions and security alerts. If you're a Django user, it'd be a good idea for you to sign up for this list.

Back to Top