I found a minor security issue on a Python domain (related to PSF infrastructure, not Python the language) and discovered that python.org doesn’t seem to publish a /.well-known/security.txt file at the moment.
The Python security docs are not applicable as this isn’t about a vulnerability in Python but server/website related. PyPI has security@pypi.org - I couldn’t find something like that for @python.org.
This might be a good thing to put into a /.well-known/security.txt file, see https://securitytxt.org/
Replies here aren’t time critical, I’ve already emailed psf@python.org.
Emails to psf@python.org get the following auto-reply which again doesn’t mention security:
Subject: Auto-response for your message to the “PSF-Board” mailing list
From: psf-board-bounces@python.org
!!PLEASE READ!!
Thank you for reaching out to the PSF. This is an auto-respond message.

For help with Python development and or technical questions, please email help@python.org.

For grant requests and sponsorships, please see PSF Grants Program | Python Software Foundation for requirements and instructions on how to submit your request.

For fiscal sponsorship questions, please email fiscal-sponsors@python.org.

For PSF related requests, we will respond to your email within a couple business days.