[Python-Dev] Whats New in 3.4 is pretty much done...
Antoine Pitrou
solipsis at pitrou.net
Thu Mar 13 14:08:42 CET 2014
Le 13/03/2014 11:49, Christian Heimes a écrit :
> Thanks a lot David and Victor! The list of security improvements is
> missing one, maybe two points that are IMHO relevant:
>
> * All stdlib modules now support server cert verification including
> hostname matching and CRL.
CRL? really? I don't remember us doing automatic CRL downloads.
> And there is the point with Coverity Scan. We have reached zero defects
> about half a year ago and fixed all new defects in a matter of days.
> I'll try to keep the defect rate down to zero in the future, too. The
> tool has helped me to identify a bunch of security-relevant issues like
> buffer overflows, invalid casts and more. It's something worth
> mentioning. But I don't want it to sound like an advert... Suggestions?
I don't think it should be mentioned at all. General code quality
improvements are a given in any release, the fact that the issues were
detected by Coverity rather than human scrutiny is a non-information
(except as advertising for Coverity).
Regards
Antoine.
More information about the Python-Dev
mailing list