Skip to content

Add note on unexpected exceptions to secuirty policy #1825

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
StanFromIreland wants to merge 2 commits into
base: main
Choose a base branch
from
+4 −1
Open

Add note on unexpected exceptions to secuirty policy #1825

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
d419c66
Add note on unexpected exceptions to secuirty policy
StanFromIreland Jun 4, 2026
90d59bd
Ooops update sentence below too
StanFromIreland Jun 4, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 4 additions & 1 deletion security/policy.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -44,7 +44,10 @@ dead-locks, and resource exhaustion) must be
triggerable with data inputs that are reasonably sized for the use case.
Availability vulnerabilities must also demonstrate an "upward" change in posture
for the attacker, rather than a "lateral" one.
This is to avoid handling performance improvements as security vulnerabilities.
Unexpected Python exceptions are not vulnerabilities by themselves unless they
satisfy the availability criteria above.
This is to avoid handling performance and correctness improvements as security
vulnerabilities.

Vulnerabilities in dependencies of Python (such as zlib, Tcl/Tk, or OpenSSL)
are not vulnerabilities in Python unless Python's use of the dependency
Expand Down
Loading