On Sat, Oct 06, 2018 at 04:58:13PM +0200, Marius Bakke wrote: > Python 2 and 3 are using a bundled Expat (residing under Modules/). > > This has been the cause of security vulnerabilities in the past and > should be changed to use Expat from Guix.
Looks like Debian uses an external Expat to fill the dependency, so it should be possible: https://packages.debian.org/stretch/python3.5-minimal We should look into the difference between the bundled Expat and upstream Expat.
signature.asc
Description: PGP signature
