Ticket submission page should direct security issues to django-security.
|Reported by:||Russell Keith-Magee||Owned by:||nobody|
|Has patch:||no||Needs documentation:||no|
|Needs tests:||no||Patch needs improvement:||no|
The "Create New Ticket" page in Trac gives lots of helpful "read this first" advice,but doesn't give one very important piece of advice - that security issues shouldn't be reported in Trac. Sample text for a new bullet point:
"If you are reporting something that you think might be a security issue, *DON'T POST IT HERE* - mail security@…. [See Django's security reporting policy http://docs.djangoproject.com/en/dev/internals/contributing/#id2] for more details"