I just got a few questions on how to apply security fixes. To clarify, I recommend the following guidelines:

- whether something constitutes a security bug is sometimes debatable - in case of doubt, discussion is needed. I would be in favor of fixing it if the patch is small and obviously correct, and opposed if the patch looks tricky. Double check that the routine behavior (the "good" cases) stays completely unchanged (in particular, be aware of not allowing new exceptions to occur).
- if you want to backport a security bug fix to 2.5, ALWAYS consider 2.4 as well. They are in the same state, and should get the same care (2.3 is closed for good). Of course, it might be that the bug doesn't exist in 2.4.
- ALWAYS notify security at python.org. For one thing, they might offer advice on how to proceed, but also, they might consider publishing an advisory, and/or notifying some CERT. Notification is in particular necessary if you are unfamiliar with security issues, how they get classified, and so on - so do ask the experts. (and no, I'm not one of them :-)

Regards,
Martin