If they're really all wontfix, maybe we should mark them as wontfix, thus giving 3.4 a sendoff worthy of its heroic stature. Godspeed, and may a flight of angels sing thee to thy rest, //arry/ On 08/20/2018 05:52 AM, Victor Stinner wrote: > > "shutil copy* unsafe on POSIX - they preserve setuid/setgit bits" > > https://bugs.python.org/issue17180 > > There is no fix. A fix may break the backward compatibility. Is it > really worth it for the last 3.4 release? > > > "XML vulnerabilities in Python" > > https://bugs.python.org/issue17239 > > Bug inactive since 2015. I don't expect that anyone will step in next > weeks with a wonderful solution to all XML issues. I suggest to ignore > this one as well, this issue is as old as XML support in Python and I > am not aware of any victim of these issues. > > Obviously, it would be "nice" to see a fix for these issues but it > seems like core devs are more interested to work on other topics and > other security issues. > > > > "fflush called on pointer to potentially closed file" (Windows only) > > https://bugs.python.org/issue19050 > > It seems like two core devs are opposed to fix this issue. > > -- > > There are open security issues on the HTTP server and urllib. I am > more concerned by these issues, but it's hard to fix them, there is a > risk of introducing regressions. > > Victor -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mail.python.org/pipermail/python-dev/attachments/20180820/8f19e58a/attachment.html>
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4