[python-committers] Winding down 3.4
vstinner at redhat.com
Mon Aug 20 08:52:28 EDT 2018
> "shutil copy* unsafe on POSIX - they preserve setuid/setgit bits"
There is no fix. A fix may break the backward compatibility. Is it really
worth it for the last 3.4 release?
> "XML vulnerabilities in Python"
Bug inactive since 2015. I don't expect that anyone will step in next weeks
with a wonderful solution to all XML issues. I suggest to ignore this one
as well, this issue is as old as XML support in Python and I am not aware
of any victim of these issues.
Obviously, it would be "nice" to see a fix for these issues but it seems
like core devs are more interested to work on other topics and other
> "fflush called on pointer to potentially closed file" (Windows only)
It seems like two core devs are opposed to fix this issue.
There are open security issues on the HTTP server and urllib. I am more
concerned by these issues, but it's hard to fix them, there is a risk of
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the python-committers