We take the security of packaging seriously. If you believe you’ve identified a security issue in it, DO NOT report the issue in any public forum, including (but not limited to):

  • GitHub issue tracker

  • Official or unofficial chat channels

  • Official or unofficial mailing lists

Please report your issue to Messages may be optionally encrypted with GPG using key fingerprints available at the Python Security page.

Once you’ve submitted an issue via email, you should receive an acknowledgment within 48 hours, and depending on the action to be taken, you may receive further follow-up emails.