[Python-Dev] patch commit policies (was [issue4308] repr of httplib.IncompleteRead is stupid)

"Martin v. Löwis" martin at v.loewis.de
Fri Mar 6 20:57:31 CET 2009


> If it is possible for a hostile outsider to trigger the DOS by sending
> mail to be processed by an application using the library, and the
> application can't avoid the DOS without ditching / forking /
> monkeypatching the library, then I would call the bug a "security bug",
> period.

IIUC, it would have been straightforward for the mail servers to avoid
the DOS: simply truncate log lines to 1024 bytes, or something.

> As for backward compatibility:  any application which is depending on
> getting arbitrarily-long lines in its logfile is already insane, and
> should be scrapped.

That's not the point. The point is that the very old releases don't
get sufficient review for bug fixes, because too few people care
about them. So a systematic, efficient review by a single person of the
entire release must be possible. This is only possible if the number
of changes is kept to an absolute minimum - just the patches targeted
at the audience of these releases.

Regards,
Martin
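
The mitigation Martin sketches above (cap each log line at 1024 bytes on the application side, so untrusted input cannot bloat the log no matter what the library puts into a message) as an added example; this is not code from the thread or from CPython. The names `bound_message`, `BoundedLineFilter`, `log_with_bound`, the marker text and the 1024-byte limit are assumptions chosen for the illustration.

```python
import io
import logging

MAX_LOG_LINE_BYTES = 1024      # constructed limit, the figure Martin mentions
TRUNCATION_MARKER = " ...[truncated]"  # hypothetical marker appended to cut lines


def bound_message(msg: str, limit: int = MAX_LOG_LINE_BYTES) -> str:
    """Return msg unchanged if its UTF-8 encoding fits in `limit` bytes,
    otherwise a prefix plus TRUNCATION_MARKER whose total is <= limit bytes.
    The budget includes the marker, so the bound is a hard one."""
    raw = msg.encode("utf-8", "replace")
    if len(raw) <= limit:
        return msg
    marker = TRUNCATION_MARKER.encode("utf-8")
    keep = max(0, limit - len(marker))
    # "ignore" drops a multi-byte sequence that the byte cut split in half
    return raw[:keep].decode("utf-8", "ignore") + TRUNCATION_MARKER


class BoundedLineFilter(logging.Filter):
    """Logger-level filter that rewrites every record's message to a bounded
    size before any handler formats it. Attached at the logger, it covers
    all handlers, including ones a library adds later."""

    def __init__(self, limit: int = MAX_LOG_LINE_BYTES):
        super().__init__()
        self.limit = limit

    def filter(self, record: logging.LogRecord) -> bool:
        # Interpolate first so oversized *arguments* are bounded too.
        record.msg = bound_message(record.getMessage(), self.limit)
        record.args = ()  # already interpolated; prevent a second % pass
        return True


def log_with_bound(message: str, limit: int = MAX_LOG_LINE_BYTES) -> str:
    """Log `message` through a logger carrying BoundedLineFilter and return
    the single line that reached the handler. A StringIO stands in for the
    log file so the example runs offline."""
    buf = io.StringIO()
    logger = logging.getLogger("bounded-example")
    logger.handlers.clear()
    logger.filters.clear()
    logger.propagate = False
    logger.setLevel(logging.INFO)
    handler = logging.StreamHandler(buf)
    handler.setFormatter(logging.Formatter("%(levelname)s %(message)s"))
    logger.addHandler(handler)
    logger.addFilter(BoundedLineFilter(limit))
    # The message text plays the role of data taken from an incoming mail.
    logger.info("rejected message: %s", message)
    handler.flush()
    return buf.getvalue().rstrip("\n")


if __name__ == "__main__":
    # Constructed input: a 100 KB "header value" that would otherwise land
    # in the log verbatim. The emitted line stays within the byte budget.
    line = log_with_bound("X-Evil: " + "A" * 100_000)
    print(len(line.encode("utf-8")), line[:60], "...")
```

The filter sits on the logger rather than on a handler because a handler-level filter only protects that one sink; the logger-level one bounds the record once for every handler. Because the budget includes the marker, a reader of the log can still tell that truncation happened without the line ever exceeding the limit.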
