[Python-Dev] Releases for recent security vulnerability
Brian Curtin
brian.curtin at gmail.com
Fri Apr 15 14:30:54 CEST 2011
On Apr 15, 2011 3:46 AM, "Gustavo Narea" <me at gustavonarea.net> wrote:
>
> Hi all,
>
> How come a description of how to exploit a security vulnerability
> comes before a release for said vulnerability? I'm talking about this:
> http://blog.python.org/2011/04/urllib-security-vulnerability-fixed.html
>
> My understanding is that the whole point of asking people not to
> report security vulnerability publicly was to allow time to release a
> fix.
To me, the fix *was* released. Sure, no fancy installers were generated yet,
but people who are susceptible to this issue 1) now know about it, and 2)
have a way to patch their system *if needed*.
If that's wrong, I apologize for writing the post too early. On top of that,
it seems I didn't get all of the details right either, so apologies on that
as well.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/python-dev/attachments/20110415/dd411cf9/attachment.html>
More information about the Python-Dev
mailing list