[Python-Dev] Hash collision security issue (now public)
Christian Heimes
lists at cheimes.de
Thu Jan 5 23:11:41 CET 2012
Am 05.01.2012 22:59, schrieb Antoine Pitrou:
> I don't think we (python-dev) are really concerned with 2.3, 2.4,
> 2.5 and 3.0. They're all unsupported, and people do what they want
> with their local source trees.
Let me reply with a quote from Barry:
> Correct, although there's no reason why a patch for versions
> older than 2.6 couldn't be included on a python.org security
> page for reference in CVE or other security notifications.
> Distros that care about versions older than Python 2.6 will
> basically be back-porting the patch anyway.
Christian
More information about the Python-Dev
mailing list