Skip to main content
This is a pre-production deployment of Warehouse. Changes made here affect the production instance of PyPI (pypi.python.org).
Help us improve Python packaging - Donate today!

Reporting a security issue

We take security very seriously and ask that you follow our security policy carefully.

Important! If you believe you've identified a security issue with Warehouse, DO NOT report the issue in any public forum, including (but not limited to):

  • Our GitHub issue tracker
  • Official or unofficial chat channels
  • Official or unofficial mailing lists

Instead, please email Donald Stufft, Ernest W. Durbin III, or Richard Jones directly, providing as much relevant information as possible.

Messages may be optionally encrypted with GPG using key fingerprints (these public keys are available from most commonly-used key servers):

  • Donald Stufft: donald@python.org 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
  • Ernest W. Durbin III: ernest@python.org 11CD 3DD9 8D7E 61C7 6D1A 3224 8815 9C24 830F 6F7E
  • Richard Jones: richard@python.org 0145 FD2B 52E8 0A8E 329A 16C7 AC68 AC04 41C6 E930

What happens next?

Once you've submitted an issue via email, you should receive an acknowledgment within 48 hours.

Depending on the action to be taken, you may receive further follow-up emails.


This security policy was last updated on May 13, 2017

Supported By

WebFaction WebFaction Technical Writing Elastic Elastic Search Pingdom Pingdom Monitoring Dyn Dyn DNS Sentry Sentry Error Logging CloudAMQP CloudAMQP RabbitMQ Heroku Heroku PaaS Kabu Creative Kabu Creative UX & Design Fastly Fastly CDN DigiCert DigiCert EV Certificate Rackspace Rackspace Cloud Servers DreamHost DreamHost Log Hosting