[Python-Dev] Windows installers and OpenSSL
"Martin v. Löwis"
martin at v.loewis.de
Sun Apr 13 20:38:47 CEST 2014
Am 10.04.14 15:41, schrieb Paul Moore:
> Given the OpenSSL vulnerability and the fact that we bundle OpenSSL
> with the Windows installers (1.0.1e in Python 3.4.0) should we be
> releasing updated installers?
As others have said: certainly, and only for 3.4.0 (i.e. 2.7 in
particular is not affected - I'm glad I didn't update OpenSSL
there past 0.9.8).
My feeling with these things is that it is often better to wait
until the dust settles - people in a hurry of fixing security
bugs tend to introduce new ones in the process.
I'm tempted to experiment with installer patch files for this
(.msp); it's technically just a single DLL that would need to be
replaced. Contributions are welcome.
Regards,
Martin
More information about the Python-Dev
mailing list