Home - News ( United States | United Kingdom | Italy | Germany ) - Football scores

Showing content from https://mail.python.org/pipermail/python-dev/2014-February/132782.html below:

[Python-Dev] Python Remote Code Execution in socket.recvfrom_into()

• Previous message: [Python-Dev] Python Remote Code Execution in socket.recvfrom_into()
• Next message: [Python-Dev] Python Remote Code Execution in socket.recvfrom_into()
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Feb 25, 2014, at 03:03 PM, Maciej Fijalkowski wrote:

>Oh, I thought security fixes go to all python releases.

Well, not the EOL'd ones of course.

Where's the analysis on backporting SIPHash to older Python versions?  Would
such a backport break backward compatibility?  What other impacts would
backporting have?  Would it break pickles, marshals, or other serialization
protocols?  Are there performance penalties?

While security should be a top priority, it isn't the only consideration in
such cases.  A *lot* of discussion went into how to effect the hash
randomization in Python 2.7, because of questions like these.  The same
analysis would have to be done for backporting this change to active older
Python versions.

-Barry

• Previous message: [Python-Dev] Python Remote Code Execution in socket.recvfrom_into()
• Next message: [Python-Dev] Python Remote Code Execution in socket.recvfrom_into()
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

RetroSearch is an open source project built by @garambo | Open a GitHub Issue

Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo

HTML: 3.2 | Encoding: UTF-8 | Version: 0.7.4