[IPython-dev] Insecure loading of mathjax
fperez.net at gmail.com
Fri Aug 1 17:57:45 EDT 2014
I was about to write something along the same lines, but Paul said it much
better than I. +1 to all of that...
On Fri, Aug 1, 2014 at 2:40 PM, Paul Ivanov <pi at berkeley.edu> wrote:
> Hi Julian, Kyle, and list,
> I just wanted to publicly thank Kyle again for following through
> with these and ensure that they get reported and communicated in
> the right manner. None of the other other IPython developers have
> any experience with disclosing security vulnerabilities to
> appropriate channels, and Kyle has stepped up entirely in a
> volunteer capacity to do this for the benefit of the community.
> Thanks to you as well, Julian, for bringing that CDN certificate
> issue to our attention. We need all the help we can get, and I
> my immediate reaction to reading "...making it quite
> pointless..." was that Kyle is getting the stick instead of a
> carrot for following through and doing a better job than we would
> have done without him (your point about reporting this back in
> 0.12 is an example of our previous lack of familiarity,
> appreciation, and engagement with security related issues).
> If you have the time and interest, We'd love your help on the
> security side of things (contact Kyle or me offlist), and I think
> Kyle is striving to do a much more punctual disclosure of this
> vulnerability in part because of your feedback on CVE-2014-3429.
> I just want to make sure that we continue to have productive
> my sincerest appreciation to both of you,
> / \
> A* \^ -
> ,./ _.`\\ / \
> / ,--.S \/ \
> / `"~,_ \ \
> __o ?
> _ \<,_ /:\
> --(_)/-(_)----.../ | \
> Paul Ivanov
> ipython and matplotlib core developer
> IPython-dev mailing list
> IPython-dev at scipy.org
Fernando Perez (@fperez_org; http://fperez.org)
fperez.net-at-gmail: mailing lists only (I ignore this when swamped!)
fernando.perez-at-berkeley: contact me here for any direct mail
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the IPython-dev