[Csv] Re: [Python-Dev] Patch to remove eval from csv sniffer

Guido van Rossum guido at python.org
Thu Jun 12 15:27:59 CEST 2003


> The patch by Raymond Hettinger mentioned here:
> 
>     www.python.org/sf/744104
> 
> makes a lot of sense. The question is - should it be applied now? We're
> in the 55th minute of the 11th hour for 2.3, and changes are generally
> unwelcome. This change changes the sniffer's behaviour slightly, but
> it's probably better to do this now, than after 2.3 is released (and
> it's a potential security problem).

Better now.

--Guido van Rossum (home page: http://www.python.org/~guido/)


More information about the Csv mailing list