From ff56e431ad94ce54ad0fb8e11113474ea1362112 Mon Sep 17 00:00:00 2001 From: Ian Cordasco Date: Wed, 28 Jan 2015 08:16:05 -0600 Subject: [PATCH 1/6] Update support documentation to be more accurate We were missing instructions to report security vulnerabilities, and all of the documentation referred to Kenneth as the only source of support. We were also missing a link to StackOverflow. --- docs/community/support.rst | 24 ++++++++++++++++++++++-- 1 file changed, 22 insertions(+), 2 deletions(-) diff --git a/docs/community/support.rst b/docs/community/support.rst index 7f8c332d..6985fa5b 100644 --- a/docs/community/support.rst +++ b/docs/community/support.rst @@ -5,12 +5,27 @@ Support If you have questions or issues about Requests, there are several options: +StackOverflow +------------- + +If your question does not contain sensitive (possibly proprietary) +information or can be properly anonymized, please ask a question on +`StackOverflow `_ +and use the tag ``python-requests``. + Send a Tweet ------------ If your question is less than 140 characters, feel free to send a tweet to -`@kennethreitz `_. +`@kennethreitz `_ or +`@sigmavirus24 `_. +Vulnerability Disclosure +------------------------ + +If you think you have found a potential security vulnerability in requests, +please email `sigmavirus24 `_ and +`Lukasa `_ directly. **Do not file a public issue.** File an Issue ------------- @@ -34,4 +49,9 @@ IRC The official Freenode channel for Requests is `#python-requests `_ -I'm also available as **kennethreitz** on Freenode. +The core developers of requests are on IRC throughout the day. +You can find them in ``#python-requests`` as: + +- kennethreitz +- lukasa +- sigmavirus24 From 02f852cc41aec89e1f5147cc87732927b80b8420 Mon Sep 17 00:00:00 2001 From: Ian Cordasco Date: Wed, 28 Jan 2015 08:58:05 -0600 Subject: [PATCH 2/6] Add Cory's twitter account Added some more detail to the Vulnerability section --- docs/community/support.rst | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/docs/community/support.rst b/docs/community/support.rst index 6985fa5b..8270c480 100644 --- a/docs/community/support.rst +++ b/docs/community/support.rst @@ -17,8 +17,9 @@ Send a Tweet ------------ If your question is less than 140 characters, feel free to send a tweet to -`@kennethreitz `_ or -`@sigmavirus24 `_. +`@kennethreitz `_, +`@sigmavirus24 `_, or +`@lukasaoz `_. Vulnerability Disclosure ------------------------ @@ -27,6 +28,15 @@ If you think you have found a potential security vulnerability in requests, please email `sigmavirus24 `_ and `Lukasa `_ directly. **Do not file a public issue.** +If English is not your first language, please try to describe the problem and +its impact to the best of your ability. For greater detail please use your native +language and we will try our best to translate it using online services. Please +also include the code you used to find the problem and the shortest amount of code +necessar to reproduce it. Please do not disclose this to anyone else. We will +retrieve a CVE identifier if necessary and give you full credit under whatever +name or alias you provide. We will respect your privacy and will only publicize +your involvement if you grant us permission. + File an Issue ------------- From 3a5e2b2f3de4d46ea247ad88a26c09867d048712 Mon Sep 17 00:00:00 2001 From: Ian Cordasco Date: Wed, 28 Jan 2015 08:58:43 -0600 Subject: [PATCH 3/6] Add a missing comma --- docs/community/support.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/community/support.rst b/docs/community/support.rst index 8270c480..9f18c9e3 100644 --- a/docs/community/support.rst +++ b/docs/community/support.rst @@ -29,7 +29,7 @@ please email `sigmavirus24 `_ and `Lukasa `_ directly. **Do not file a public issue.** If English is not your first language, please try to describe the problem and -its impact to the best of your ability. For greater detail please use your native +its impact to the best of your ability. For greater detail, please use your native language and we will try our best to translate it using online services. Please also include the code you used to find the problem and the shortest amount of code necessar to reproduce it. Please do not disclose this to anyone else. We will From e6448578776f6abe5116017103f6503369dccf1b Mon Sep 17 00:00:00 2001 From: Ian Cordasco Date: Wed, 28 Jan 2015 20:48:22 -0600 Subject: [PATCH 4/6] Fix typo. Use smaller paragraphs. Add CVE list --- docs/community/support.rst | 26 ++++++++++++++++++++------ 1 file changed, 20 insertions(+), 6 deletions(-) diff --git a/docs/community/support.rst b/docs/community/support.rst index 9f18c9e3..d73f7022 100644 --- a/docs/community/support.rst +++ b/docs/community/support.rst @@ -30,12 +30,26 @@ please email `sigmavirus24 `_ and If English is not your first language, please try to describe the problem and its impact to the best of your ability. For greater detail, please use your native -language and we will try our best to translate it using online services. Please -also include the code you used to find the problem and the shortest amount of code -necessar to reproduce it. Please do not disclose this to anyone else. We will -retrieve a CVE identifier if necessary and give you full credit under whatever -name or alias you provide. We will respect your privacy and will only publicize -your involvement if you grant us permission. +language and we will try our best to translate it using online services. + +Please also include the code you used to find the problem and the shortest amount +of code necessary to reproduce it. + +Please do not disclose this to anyone else. We will retrieve a CVE identifier if +necessary and give you full credit under whatever name or alias you provide. +We will only request an identifier when we have a fix and can publish it in a release. + +We will respect your privacy and will only publicize your involvement if you grant +us permission. + +Previous CVEs +~~~~~~~~~~~~~ + +- Fixed in 2.3.0 + + - `CVE 2014-1829 `_ + + - `CVE 2014-1830 `_ File an Issue ------------- From e7ac8ea0c106be330912c2d043756a714d115e4a Mon Sep 17 00:00:00 2001 From: Ian Cordasco Date: Wed, 4 Mar 2015 08:11:39 -0600 Subject: [PATCH 5/6] Add PGP Key fingerprints --- docs/community/support.rst | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/docs/community/support.rst b/docs/community/support.rst index d73f7022..babecb8a 100644 --- a/docs/community/support.rst +++ b/docs/community/support.rst @@ -28,6 +28,12 @@ If you think you have found a potential security vulnerability in requests, please email `sigmavirus24 `_ and `Lukasa `_ directly. **Do not file a public issue.** +Our PGP Key fingerprints are: + +- 0161 BB7E B208 B5E0 4FDC 9F81 D9DA 0A04 9113 F853 (@sigmavirus24) + +- (@lukasa) + If English is not your first language, please try to describe the problem and its impact to the best of your ability. For greater detail, please use your native language and we will try our best to translate it using online services. From bcfcd9f980440e7bb3f38d57c1332009b8d31642 Mon Sep 17 00:00:00 2001 From: Cory Benfield Date: Wed, 4 Mar 2015 20:16:25 +0000 Subject: [PATCH 6/6] Add Lukasa's GPG key fingerprint. --- docs/community/support.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/community/support.rst b/docs/community/support.rst index babecb8a..96f600a1 100644 --- a/docs/community/support.rst +++ b/docs/community/support.rst @@ -32,7 +32,7 @@ Our PGP Key fingerprints are: - 0161 BB7E B208 B5E0 4FDC 9F81 D9DA 0A04 9113 F853 (@sigmavirus24) -- (@lukasa) +- 90DC AE40 FEA7 4B14 9B70 662D F25F 2144 EEC1 373D (@lukasa) If English is not your first language, please try to describe the problem and its impact to the best of your ability. For greater detail, please use your native