15 Apr
2011
15 Apr
'11
8:35 a.m.
Hi all, How come a description of how to exploit a security vulnerability comes before a release for said vulnerability? I'm talking about this: http://blog.python.org/2011/04/urllib-security-vulnerability-fixed.html My understanding is that the whole point of asking people not to report security vulnerability publicly was to allow time to release a fix. If developers haven't had enough time to release the fix, that's fine. But I can't think of a sensible reason why it should be announced first. Cheers, - Gustavo.