On Wed, Jan 9, 2013 at 4:48 AM, Victor Stinner email@example.com wrote:
My question is: would you accept to break backward compatibility (in Python 3.4) to fix a potential security vulnerability?
If not, an alternative is to add an option, disabled by default, to enable (or disable) explicitly close-on-exec in Python 3.4, and wait for 3.5 to enable the option by default. So applications might disable the flag explicitly in Python 3.4.
If the end goal is indeed going to close-on-exec ON by default, then I think having it 3.4 itself is a good idea. OFF for one release just gives the framework developers who use SocketServer some additional time.
Usually, I have realized that framework devs try our release candidates and see if they see any potential changes to be done. If they realize this change in their testing, it would be good for both parties.
So, my vote. +1 for making that in 3.4
Thank you, Senthil