[Python-Dev] PEP 466: Proposed policy change for handling network security enhancements
Antoine Pitrou
solipsis at pitrou.net
Sun Mar 23 02:27:21 CET 2014
On Sun, 23 Mar 2014 01:40:32 +0100
"Martin v. Löwis" <martin at v.loewis.de> wrote:
> Am 23.03.14 01:15, schrieb Christian Heimes:
> > On 23.03.2014 01:01, Antoine Pitrou wrote:
> >> This is a bit limited. There are remotely-exploitable security issues
> >> which are still open on the bug tracker; they are not
> >> cryptography-related, but that shouldn't make a difference.
> >>
> >> (for example the dreaded XML issues have never been properly fixed,
> >> AFAICT)
> >
> > True, you may blame me for the situation. Only a handful of people were
> > interested in the XML issues. I ran out of steam and moved to more sapid
> > topics, too
>
> I don't think anybody wanted to assign blame (although I can sympathize
> with your urge to accept the blame). The fact is that this is a
> volunteer project: we do what we can and have fun doing.
Indeed this wasn't meant to blame anyone, simply to point out that
improving security is often hampered by lack of manpower or motivation.
Regards
Antoine.
More information about the Python-Dev
mailing list