Le 06/09/2018 à 16:58, Victor Stinner a écrit : > Are you volunteer to fix the XML modules? No. That doesn't mean nobody else will be. Regards Antoine. > > Victor > Le jeu. 6 sept. 2018 à 16:50, Antoine Pitrou <antoine at python.org> a écrit : >> >> >> Le 06/09/2018 à 16:40, Victor Stinner a écrit : >>> Le jeu. 6 sept. 2018 à 16:33, Antoine Pitrou <solipsis at pitrou.net> a écrit : >>>> If we consider fixing these issues to be desirable, then the issues >>>> should be kept open. Closing issues because no-one is working on them >>>> sounds a bit silly to me. >>> >>> I forgot to mention that closing these issues is my reply to Larry's >>> call to fix 3 security issues: >>> >>> https://mail.python.org/pipermail/python-committers/2018-August/006031.html >>> >>> Larry wrote "If they're really all wontfix, maybe we should mark them >>> as wontfix, thus giving 3.4 a sendoff worthy of its heroic stature." >> >> "wontfix" on 3.4 doesn't mean we won't fix them later, e.g. in 3.8. >> >>> For these XML issues, the security vulnerabilities can also been seen >>> as XML features. Loading an external DTD is part of the XML >>> specification, as well as entity expansion. >> >> That doesn't mean there shouldn't be any hard limits to expansion depth >> or breadth. >> >> Function calls are a Python feature, yet we limit the amount of >> recursion allowed. >> >> Regards >> >> Antoine. >> _______________________________________________ >> Python-Dev mailing list >> Python-Dev at python.org >> https://mail.python.org/mailman/listinfo/python-dev >> Unsubscribe: https://mail.python.org/mailman/options/python-dev/vstinner%40redhat.com
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4