Home - News ( United States | United Kingdom | Italy | Germany ) - Football scores

Showing content from https://mail.python.org/pipermail/python-dev/2017-June/148287.html below:

[Python-Dev] Remove embedded expat library?

• Previous message (by thread): [Python-Dev] UPDATE: Python 3.6.2rc1 cutoff now scheduled for 2017-06-16 12:00 UTC
• Next message (by thread): [Python-Dev] Remove embedded expat library?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

Python embeds a copy of the expat library which already got two major
security vulnerabilities:

"CVE-2016-0718: expat bug #537"
http://python-security.readthedocs.io/vuln/cve-2016-0718_expat_bug_537.html

"Issue #26556: Expat 2.1.1"
http://python-security.readthedocs.io/vuln/issue_26556_expat_2.1.1.html

Would it be possible to maintain this dependency on an external
repository which would be easier to maintain? Like
http://svn.python.org/projects/external/ used to build Python on
Windows.

I expect that all Linux distributions build Python using
--with-system-expat. It may become the default? What about macOS and
other operating systems?

By the way, Zachary Ware is working on converting this repository to
Git. I don't know his progress:
- https://github.com/python/cpython-bin-deps
- https://github.com/python/cpython-source-deps

Victor

• Previous message (by thread): [Python-Dev] UPDATE: Python 3.6.2rc1 cutoff now scheduled for 2017-06-16 12:00 UTC
• Next message (by thread): [Python-Dev] Remove embedded expat library?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

RetroSearch is an open source project built by @garambo | Open a GitHub Issue

Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo

HTML: 3.2 | Encoding: UTF-8 | Version: 0.7.4