How the Django team handles security

In the wake of the Ruby on Rails mandatory security patch and its awkward handling, we've been discussing how we can avoid such a problem in the Django community.

In case you haven't seen it, our "How to contribute to Django" document has a "Reporting security issues" section, which describes our policy. Take the 30 seconds to read that.

In addition to that policy, which we've had for a while, today we created a django-announce mailing list. It's a low-traffic, announcement-only mailing list. We'll send a message to it for new Django releases, significant feature additions and security alerts. If you're a Django user, it'd be a good idea for you to sign up for this list.