On Feb 10, 2010, at 11:46 PM, Martin v. Löwis wrote:
That would require that Barry actually *can* judge the issue at hand. In the specific case, I would expect that Barry would defer the specifics of the Windows issue to Windows experts, and then listen to what they say.
Yep, absolutely.
I'm personally split whether the proposed patch is correct (i.e. whether asctime really *can* be implemented in a cross-platform manner; any definite ruling on that would be welcome). In the past, we had rather taken approaches like disabling runtime assertions "locally"; not sure whether such approaches would work for asctime as well.
In any case, I feel that the issue is not security-critical at all. People just don't pass out-of-range values to asctime, but instead typically pass the result of gmtime/localtime, which will not cause any problems.
Unless other details come to light, I agree. This one isn't worth holding up the release for. -Barry