[Python-Dev] OpenSSL vulnerability
Barry Warsaw
barry at python.org
Mon Nov 9 15:12:02 CET 2009
On Nov 8, 2009, at 12:56 PM, Martin v. Löwis wrote:
>>> Also, for Python 2.5 and earlier, any SSL-based code is vulnerable
>>> to a MitM
>>> anyway, so this can only be an issue for code using the new APIs
>>> in Python
>>> 2.6.
>>
>> That's not going to stop the
>> wannabe-self-proclaimed-so-called-vulnerability-"experts" from
>> whining
>> about Python not releasing updated binary distributions though. :-(
>
> The Windows binaries currently build with 0.9.8g. Since changing that
> would be a source code change (even though just a single line), I
> think
> a full source release would be necessary (most likely then for both
> 2.6
> and 3.1).
I don't think it's worth making a quick 2.6.5 release for this if it's
primary intent is to produce new Windows binaries. I'm okay with
making the changes to the tree, but we'll release 2.6.5 on a "normal"
schedule.
-Barry
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 194 bytes
Desc: This is a digitally signed message part
URL: <http://mail.python.org/pipermail/python-dev/attachments/20091109/38db296d/attachment.pgp>
More information about the Python-Dev
mailing list