[Python-Dev] PEP 466: Proposed policy change for handling network security enhancements

Antoine Pitrou solipsis at pitrou.net
Sun Mar 23 02:27:21 CET 2014


On Sun, 23 Mar 2014 01:40:32 +0100
"Martin v. Löwis" <martin at v.loewis.de> wrote:
> Am 23.03.14 01:15, schrieb Christian Heimes:
> > On 23.03.2014 01:01, Antoine Pitrou wrote:
> >> This is a bit limited. There are remotely-exploitable security issues
> >> which are still open on the bug tracker; they are not
> >> cryptography-related, but that shouldn't make a difference.
> >>
> >> (for example the dreaded XML issues have never been properly fixed,
> >> AFAICT)
> > 
> > True, you may blame me for the situation. Only a handful of people were
> > interested in the XML issues. I ran out of steam and moved to more sapid
> > topics, too
> 
> I don't think anybody wanted to assign blame (although I can sympathize
> with your urge to accept the blame). The fact is that this is a
> volunteer project: we do what we can and have fun doing.

Indeed this wasn't meant to blame anyone, simply to point out that
improving security is often hampered by lack of manpower or motivation.

Regards

Antoine.




More information about the Python-Dev mailing list