On 29/07/15 18:50, Guido van Rossum wrote:
> I believe that in this particular case, the bug was fixed (by tightening
> the requirements for headers) because the bug can lead to security
> vulnerabilities. I think you can find more by Googling for keywords like
> "http header injection". The more recent Python 2.7 bugfix releases have
> specific exemptions from the backwards compatibility requirements for
> security fixes -- because their lifespan will still be many years (EOL
> of 2.7 is summer 2020).

That argument is valuable but it fails when considering that this fix will be present in 3.4.4 too, with a normal EOL.

I am OK with that, though. As I said, I sent my first message for policy verification and to raise awareness. :-).

PS: I rarely read python-dev. Too much traffic for me :-(.

-- 
Jesús Cea Avión
j...@jcea.es - http://www.jcea.es/
Twitter: @jcea
jabber / xmpp:j...@jabber.org
"Things are not so easy"
"My name is Dump, Core Dump"
"Love is placing your happiness in the happiness of another" - Leibniz
_______________________________________________
python-committers mailing list
python-committers@python.org
https://mail.python.org/mailman/listinfo/python-committers