[Python-Dev] PEP 466: Proposed policy change for handling network security enhancements

Nick Coghlan ncoghlan at gmail.com
Sun Mar 23 01:33:08 CET 2014


On 23 Mar 2014 10:18, "Christian Heimes" <christian at python.org> wrote:
>
> On 23.03.2014 01:01, Antoine Pitrou wrote:
> > This is a bit limited. There are remotely-exploitable security issues
> > which are still open on the bug tracker; they are not
> > cryptography-related, but that shouldn't make a difference.
> >
> > (for example the dreaded XML issues have never been properly fixed,
> > AFAICT)
>
> True, you may blame me for the situation. Only a handful of people were
> interested in the XML issues. I ran out of steam and moved to more sapid
> topics, too.

The key difference there is we're not reliant on defusedxml to download
defusedxml :)

Anyway, folks have given me plenty of good feedback to chew over. I'm going
to go run some errands and then try to get a new revision posted this
afternoon.

Cheers,
Nick.

>
> Christian
>
> _______________________________________________
> Python-Dev mailing list
> Python-Dev at python.org
> https://mail.python.org/mailman/listinfo/python-dev
> Unsubscribe:
https://mail.python.org/mailman/options/python-dev/ncoghlan%40gmail.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/python-dev/attachments/20140323/4ead01fc/attachment.html>


More information about the Python-Dev mailing list