[Distutils] a plea for backward-compatibility / smooth transitions

Antoine Pitrou solipsis at pitrou.net
Tue Jul 30 08:28:27 CEST 2013

Donald Stufft <donald <at> stufft.io> writes:
> I *will* advocate and push for breaking things where security is concerned
> regardless of if you care or not, a lot of people *do* care and the nature
of the
> beast is that you're only as strong as the weakest link.

That's nice, but you're not alone here, so whatever you want to "push for"
always happen.

> There's actually pretty strong evidence that
> shows the process of classifying bugs as security bugs is a harmful
process and that
> all updates should be treated the same because it's often times not
> obvious what the security implications are, even to security experts[1].

Doesn't it contradict your own stance on the subject?

("This shows a fundamental misunderstanding of how security issues present
themselves. Of course things just work for people because security issues
are not
like regular bugs" - which is a flawed argument btw. Many bugs have random or
rare occurrences - not just security issues)

> I'm sure your dig at the OS is supposed to be some sort of masterstroke
about how
> we're not being as secure as possible anyways however I would contest that
> OpenBSD is actually more secure.

WTF are you talking about? No it's not. I'm simply pointing out that, for
some strange reason, you decided to trust an OS whose author has very
different views on how to fix 
security issues than you have.



More information about the Distutils-SIG mailing list