We take the security of Warehouse seriously. The following are a set of policies we have adopted to ensure that security issues are addressed in a timely fashion.
Reporting a security issue¶
We ask that you do not report security issues to our normal GitHub issue tracker.
If you believe you’ve identified a security issue with Warehouse, please
report it to firstname.lastname@example.org and email@example.com. Messages may be
optionally encrypted with PGP using key fingerprints
7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA and
0145 FD2B 52E8 0A8E 329A 16C7 AC68 AC04 41C6 E930 (these public keys are
available from most commonly-used key servers).
Once you’ve submitted an issue via email, you should receive an acknowledgment within 48 hours, and depending on the action to be taken, you may receive further follow-up emails.