On Jan 23, 2008 12:25 PM, Steve Holden <steve at holdenweb.com> wrote:
> Giampaolo Rodola' wrote:
> >> Also, *nothing* should go into the 2.4 branch any more *except*
> >> important security patches.
>    ^^^^^^^^^
> >
> > http://bugs.python.org/issue1745035
> > I guess this one should concern both 2.4 and 2.5 branches.
> >
>
> Egregious though the error may be I can't myself see that a complete new
> release is justified simply to include a four-line patch in a single
> (not often-used?) module. If it were a buffer overflow it might be
> different (but that would pretty much have to involve a C component).
>
> Couldn't we just publicize the patch? I can't bring myself to believe
> that 1745035 is really "important" enough.

It should go into 2.5 for sure. It should go into 2.4 at the
discretion of the release manager. We *are* considering a
pure-security-fixes source-only release of 2.4 (I wasn't 100% clear on
that in my first mail in this thread).

IMO DoS vulnerabilities are rarely worth getting excited about, unless
they have the potential of bringing down a significant portion of the
internet. This one doesn't.

--
--Guido van Rossum (home page: http://www.python.org/~guido/)