> -----Original Message----- > From: python-dev-admin@python.org [mailto:python-dev-admin@python.org] On > Behalf Of Guido van Rossum > > > I glanced at the Debian bug report and saw that it was reporting an > > exploit against 2.1.3. I see some value in doing a 2.1.4 release, > > but not enough value to justify the work. > > Same here. > Shouldn't there be at least some notification to the community at large? Something that requires the least amount of work possible short of doing nothing at all. Like a notice that 2.1.3 has known security vulnerabilities, and the recommended fix is to upgrade to 2.2.2 posted on http://www.python.org/2.1/ , http://www.python.org/2.1.3/ and python-announce. And possibly a python-security list for the future that security minded people can subscribe to.
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4