[Python-Dev] We cannot fix all issues: let's close XML security issues (not fix them)

Antoine Pitrou solipsis at pitrou.net
Thu Sep 6 10:29:42 EDT 2018

On Thu, 6 Sep 2018 16:18:33 +0200
Victor Stinner <vstinner at redhat.com> wrote:
> It seems like XML is getting less popular because of JSON becoming
> more popular (even if JSON obviously comes with its own set of
> security issues...). It seems like less core developers care about XML
> (today than 3 years ago).
> We should just accept that core developers have limited availability
> and that documenting security issues is an *acceptable* trade-off. I
> don't see any value of keeping these 3 issues open.

If we consider fixing these issues to be desirable, then the issues
should be kept open.  Closing issues because no-one is working on them
sounds a bit silly to me.



More information about the Python-Dev mailing list