[IPython-dev] Insecure loading of mathjax

Fernando Perez fperez.net at gmail.com
Fri Aug 1 17:57:45 EDT 2014


I was about to write something along the same lines, but Paul said it much
better than I. +1 to all of that...

Cheers,

f


On Fri, Aug 1, 2014 at 2:40 PM, Paul Ivanov <pi at berkeley.edu> wrote:

> Hi Julian, Kyle, and list,
>
> I just wanted to publicly thank Kyle again for following through
> with these and ensure that they get reported and communicated in
> the right manner. None of the other IPython developers have
> any experience with disclosing security vulnerabilities to
> appropriate channels, and Kyle has stepped up entirely in a
> volunteer capacity to do this for the benefit of the community.
>
> Thanks to you as well, Julian, for bringing that CDN certificate
> issue to our attention. We need all the help we can get, and
> my immediate reaction to reading "...making it quite
> pointless..." was that Kyle is getting the stick instead of a
> carrot for following through and doing a better job than we would
> have done without him (your point about reporting this back in
> 0.12 is an example of our previous lack of familiarity,
> appreciation, and engagement with security related issues).
>
> If you have the time and interest, we'd love your help on the
> security side of things (contact Kyle or me offlist), and I think
> Kyle is striving to do a much more punctual disclosure of this
> vulnerability in part because of your feedback on CVE-2014-3429.
> I just want to make sure that we continue to have productive
> interactions.
>
> my sincerest appreciation to both of you,
> --
>                    _
>                   / \
>                 A*   \^   -
>              ,./   _.`\\ / \
>             / ,--.S    \/   \
>            /  `"~,_     \    \
>      __o           ?
>    _ \<,_         /:\
> --(_)/-(_)----.../ | \
> --------------.......J
> Paul Ivanov
> ipython and matplotlib core developer
> http://pirsquared.org



-- 
Fernando Perez (@fperez_org; http://fperez.org)
fperez.net-at-gmail: mailing lists only (I ignore this when swamped!)
fernando.perez-at-berkeley: contact me here for any direct mail