> If the exec problems were fixed in 2.2, doesn't that address the > currently reported vulnerability? Correct. > I glanced at the Debian bug report and saw that it was reporting an > exploit against 2.1.3. I see some value in doing a 2.1.4 release, > but not enough value to justify the work. Same here. > Aren't the changes in tempfile primarily the addition of new functions > (mkstemp, mkdtemp)? I think it would be good to backport new functions > that address security issues. Were there changes to the behavior of > mktemp(), too? It seems hard to justify an incompatible change to > existing functions. I think mktemp()'s API is unchanged if you don't count the warning (which I disabled anyway). However the name template used for temporary files is very different -- could this affect applications? --Guido van Rossum (home page: http://www.python.org/~guido/)
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4