[Python-Dev] Python security team
josiah.carlson at gmail.com
Sat Sep 27 20:04:06 CEST 2008
On Sat, Sep 27, 2008 at 8:54 AM, Victor Stinner
<victor.stinner at haypocalc.com> wrote:
> Second, I would like to help to fix all Python security issues. It looks like
> Python community isn't very reactive (proactive?) about security. Eg. a DoS
> was reported in smtpd server (integrated to Python)... 15 months ago. A patch
> is available but it's not applied in Python trunk.
The smtpd module is not meant to be used without modification. It is
the responsibility of the application writer to decide the limitations
of the emails they want to allow sending, and subsequently handle the
case where emails overrun that limit. That the bug wasn't assigned to
me outright (I am the maintainer of asyncore, asynchat, and smtpd) was
an understandable mistake.
More information about the Python-Dev