On Fri, Jan 20, 2012 at 2:54 PM, Carl Meyer <carl at oddbird.net> wrote: > I don't have the expertise to speak otherwise to the alternatives for > fixing the collisions vulnerability, but I don't believe it's accurate > to presume that Django would not want to fix a dict-ordering dependency, > and use that as a justification for one approach over another. It's more a matter of wanting deployment of a security fix to be as painless as possible - a security fix that system administrators can't deploy because it breaks critical applications may as well not exist. Cheers, Nick. -- Nick Coghlan | ncoghlan at gmail.com | Brisbane, Australia
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4