[Python-Dev] Releases for recent security vulnerability
Gustavo Narea
me at gustavonarea.net
Fri Apr 15 10:35:06 CEST 2011
Hi all,
How come a description of how to exploit a security vulnerability
comes before a release for said vulnerability? I'm talking about this:
http://blog.python.org/2011/04/urllib-security-vulnerability-fixed.html
My understanding is that the whole point of asking people not to
report security vulnerability publicly was to allow time to release a
fix.
If developers haven't had enough time to release the fix, that's fine.
But I can't think of a sensible reason why it should be announced
first.
Cheers,
- Gustavo.
More information about the Python-Dev
mailing list