Le 04/27/17 à 06:08, Paul Wise a écrit : > On Fri, 9 Dec 2016 21:24:48 +0100 Julien Muchembled wrote: > >> python-zodbpickle - Fork of pickle module, for ZODB > > If this enters Debian, please make sure that you notify the security > team to update their embedded-code-copies file, which tracks both > embedded copies and forks of projects. > > https://wiki.debian.org/EmbeddedCodeCopies >
python-zodbpickle has just entered Debian and as planned, I suggest to update embedded-code-copies because this package forks the 'pickle' modules of Python 2.7.6 and 3.3.2 For Python 2: python2.7 - zodbpickle <unknown> (embed) NOTE: embeds stdlib modules: pickle, cpickle I am surprised to see no entry for any version of Python 3. Maybe start one with python3.6 However, given the warning at the top of https://docs.python.org/3/library/pickle.html I am not sure it's useful to bother about the security of this code. And unfortunately, the many changes in Python are not merged into zodbpickle. Julien
signature.asc
Description: OpenPGP digital signature