-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Sep 9, 2006, at 10:09 AM, Guillaume Rousse wrote:
I'd like to use this occasion to drop a maximum of patches we still
have:
- is 2.1.9 still vulnearble to CVE-2005-3573 ? I didn't found any reference to it in the release notes, and the patch [1] still apply
This is the first I've seen of this CVE, but it sounds like bugs that
have been addressed in the email package.
- the default build procedure is not suited to package building: it check target directory directly (which doesn't exist), and leave reference to package build root in python bytecode files. The patches [2] and [3] fixes those issues, maybe they could get integrated.
I don't think your links are correct. Link [1] is the same as link [2].
- we have a patch for the embeded email module that just fix an
encoding name [4]. I didn't found reference to a website or a standalone distribution of this module elsewhere. Could you please transmit the patch to its authors ?
There's no [4] link so I don't understand what this one tries to
fix. The email package is developed at the email-sig: <http://
www.python.org/sigs/email>. You should probably post the issue over
there on that sig.
- -Barry
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (Darwin)
iQCVAwUBRQYSqnEjvBPtnXfVAQLJpgP/SMowdWbnpicbK9rqeisSIKMffjHP6B1v 6xvFsR3IRmfSin6wIQSMe2yjsVv2Bb7o+tK4u4ts5RE+F0XmBuSu+yeVzq0858y+ dX5iSZHK6b5nrajpR0JFjNTDnir2KPHGr1XlY3vQUhaISeC5wnvWqIiW9KKLat9+ m4F22T7Aqdk= =mzRh -----END PGP SIGNATURE-----