On Thu, Feb 23, 2017, at 20:36, Steven D'Aprano wrote:
I haven't seen any response to the following alleged security vulnerability.
I am not qualified to judge the merits of this, but it does seem worrying that (alledgedly) the Python security team hasn't responded for over 12 months.
Like all CPython developers, the Python security team are all volunteers. That combined with the fact that dealing with security issues is one of the least fun programming tasks means issues are sometimes dropped.
Perhaps some organization with a stake Python security would like to financially support Python security team members.
As for this, particular issue, we should determine if there's a tracker issue yet and continue discussion there.