We take the security of packaging seriously. If you believe you’ve identified a security issue in it, DO NOT report the issue in any public forum, including (but not limited to):
GitHub issue tracker
Official or unofficial chat channels
Official or unofficial mailing lists
Please report your issue to
firstname.lastname@example.org. Messages may be optionally
encrypted with GPG using key fingerprints available at the Python Security
Once you’ve submitted an issue via email, you should receive an acknowledgment within 48 hours, and depending on the action to be taken, you may receive further follow-up emails.