From 397f992f86f570ed29fffa15061513e873f14925 Mon Sep 17 00:00:00 2001 From: Stan Ulbrych Date: Wed, 27 May 2026 17:45:11 +0100 Subject: [PATCH 1/3] Security Policy: Fix an rST spacing bug --- security/policy.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/security/policy.rst b/security/policy.rst index e9b145220..88d554b3d 100644 --- a/security/policy.rst +++ b/security/policy.rst @@ -133,7 +133,7 @@ Here's what to expect for how a vulnerability report will be handled: * Reporter reports the vulnerability privately to the PSRT. * If the PSRT determines the report isn't a vulnerability, the reporter - may open a public issue. + may open a public issue. * If the PSRT determines the report is a vulnerability, the PSRT will accept the report and a CVE ID will be assigned by the PSF CNA. * Once a public pull request containing a fix is merged to CPython, From f81612e2d3fe8e1d3399a3cc8704d2cc3d7e3e21 Mon Sep 17 00:00:00 2001 From: Stan Ulbrych Date: Wed, 27 May 2026 17:51:32 +0100 Subject: [PATCH 2/3] Grammar + hunspell --- security/policy.rst | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/security/policy.rst b/security/policy.rst index 88d554b3d..5446b9cc5 100644 --- a/security/policy.rst +++ b/security/policy.rst @@ -24,8 +24,7 @@ to report a bug as a vulnerability. Vulnerabilities must be exploitable from code, configurations, pre-conditions, or deployments that may exist in the real world. -A vulnerability that only affecting code -unlikely to be used in a production program +A vulnerability that only affects code unlikely to be used in a production program will not be accepted. Documented functionality is not considered a vulnerability. @@ -81,7 +80,7 @@ porting Python to an unsupported platform is treated as a third-party project. If you choose to report such a vulnerability to Python, please follow the requirements of this guide. Note that these reports may be shared with parties who expressed interested in the relevant platforms and will -generally be handled according to the relevant maintainers' security +generally be handled according to the relevant maintainer's security policies. These reports may closed if the maintainers are unknown or unresponsive. From fcee3cc05d1b31080a838f77815bfb9c054d72ef Mon Sep 17 00:00:00 2001 From: Stan Ulbrych Date: Wed, 27 May 2026 21:11:08 +0100 Subject: [PATCH 3/3] =?UTF-8?q?B=C3=A9n=C3=A9dikt;s=20review?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- security/policy.rst | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/security/policy.rst b/security/policy.rst index 5446b9cc5..e79845121 100644 --- a/security/policy.rst +++ b/security/policy.rst @@ -24,8 +24,8 @@ to report a bug as a vulnerability. Vulnerabilities must be exploitable from code, configurations, pre-conditions, or deployments that may exist in the real world. -A vulnerability that only affects code unlikely to be used in a production program -will not be accepted. +A vulnerability that only affects code unlikely to be used +in a production program will not be accepted. Documented functionality is not considered a vulnerability. For example, :mod:`pickle`, :mod:`marshal`, :mod:`shelve`, :func:`eval`, @@ -80,7 +80,7 @@ porting Python to an unsupported platform is treated as a third-party project. If you choose to report such a vulnerability to Python, please follow the requirements of this guide. Note that these reports may be shared with parties who expressed interested in the relevant platforms and will -generally be handled according to the relevant maintainer's security +generally be handled according to the relevant maintainers' security policies. These reports may closed if the maintainers are unknown or unresponsive.