[Python-Dev] Hash collision security issue (now public)

Christian Heimes lists at cheimes.de
Thu Jan 5 23:11:41 CET 2012


Am 05.01.2012 22:59, schrieb Antoine Pitrou:
> I don't think we (python-dev) are really concerned with 2.3, 2.4,
> 2.5 and 3.0.  They're all unsupported, and people do what they want
> with their local source trees.

Let me reply with a quote from Barry:

> Correct, although there's no reason why a patch for versions
> older than 2.6 couldn't be included on a python.org security
> page for reference in CVE or other security notifications.
> Distros that care about versions older than Python 2.6 will
> basically be back-porting the patch anyway.

Christian


More information about the Python-Dev mailing list