Martin v. Löwis wrote: > > On the other hand, the exploit could be crafted based on reading the SVN > > check-ins ... > > Sure. However, at that point, the bug is fixed (atleast in SVN); > crackers need to act comparatively fast then to exploit it. OTOH, if > only the report was available, the project might not take any action > for some time, increasing the risk of an exploit. it should also be mentioned that Python has an established procedure for dealing with more serious security problems, and "go check it in" is not part of that procedure. (there's still a possibility that someone checks in a fix without realizing that the original bug is an attack vector, but I don't think Coverity has discovered anything like that in the Python code base; we're mainly talking about leaks and null-pointer references here). </F>
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4