On Sat, 7 Oct 2017 12:15:14 -0400
"Aaron W. Swenson" <titanof...@gentoo.org> wrote:

> This reads kind of awkwardly. Maybe something along these lines:
> 
>     This release brings several incompatible changes as a result of
>     deprecations coming to term [#] and mitigating a potential security
>     issue [#].
> 
> I wouldn’t really consider the security risk eliminated, but
> mitigated, as the vector of attack remains if a program or module adds the
> current working directory to @INC on its own. The interpreter just isn’t
> adding it to @INC.

It's probably more accurate to consider this a form of security theatre
than a real security mitigation.

Just phrasing that succinctly is not easy.

Maybe instead of calling it "a security issue", it's "a change in
defaults due to potential security concerns".
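As an added illustration of the caveat Aaron raises above (not part of the thread or of any Gentoo tooling), a small Python checker that flags Perl source lines which re-add the current working directory to @INC on their own, so the interpreter's changed default is undone. The sample Perl file is constructed for the example, and the pattern list is a heuristic, not a Perl parser.

```python
"""Flag Perl source lines that re-add the current working directory to @INC."""
import re

# Heuristic patterns for code that puts "." (the CWD) back on the module search path.
CWD_INC_PATTERNS = [
    ("use lib", re.compile(
        r"""^\s*use\s+lib\s+(?:qw\s*[\(\[\{]\s*\.\s*[\)\]\}]|['"]\.['"])""")),
    ("push/unshift @INC", re.compile(
        r"""\b(?:push|unshift)\s*\(?\s*@INC\s*,\s*['"]\.['"]""")),
    ("assign @INC", re.compile(
        r"""(?:local\s+)?@INC\s*=\s*\(.*['"]\.['"]""")),
    # Opts the build/test toolchain (MakeMaker, Module::Build, ...) back into the old default.
    ("PERL_USE_UNSAFE_INC", re.compile(
        r"""\$ENV\{\s*['"]?PERL_USE_UNSAFE_INC['"]?\s*\}\s*=\s*['"]?1""")),
]

# Constructed sample: one safe "use lib" (script directory) and several CWD re-additions.
SAMPLE = """#!/usr/bin/perl
use strict;
use FindBin;
use lib "$FindBin::Bin/lib";     # fine: the script's own directory, not the CWD
use lib '.';                     # re-adds the CWD
BEGIN { push @INC, '.' }         # re-adds the CWD
unshift(@INC, ".");              # re-adds the CWD
local @INC = ('.', @INC);        # re-adds the CWD
$ENV{PERL_USE_UNSAFE_INC} = 1;   # restores the old default for the toolchain
require Foo::Bar;
"""


def find_cwd_inc(source: str):
    """Return (line_number, label, line) for each line that re-adds the CWD to @INC."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        code = line.split("#", 1)[0]  # crude: drop trailing comments before matching
        for label, pattern in CWD_INC_PATTERNS:
            if pattern.search(code):
                findings.append((lineno, label, line.strip()))
                break
    return findings


if __name__ == "__main__":
    for lineno, label, line in find_cwd_inc(SAMPLE):
        print(f"line {lineno}: {label}: {line}")
```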
