If they're really all wontfix, maybe we should mark them as wontfix,
thus giving 3.4 a sendoff worthy of its heroic stature.
Godspeed, and may a flight of angels sing thee to thy rest,
//arry/
On 08/20/2018 05:52 AM, Victor Stinner wrote:
> "shutil copy* unsafe on POSIX - they preserve setuid/setgit bits"
> https://bugs.python.org/issue17180
There is no fix. A fix may break the backward compatibility. Is it
really worth it for the last 3.4 release?
> "XML vulnerabilities in Python"
> https://bugs.python.org/issue17239
Bug inactive since 2015. I don't expect that anyone will step in next
weeks with a wonderful solution to all XML issues. I suggest to ignore
this one as well, this issue is as old as XML support in Python and I
am not aware of any victim of these issues.
Obviously, it would be "nice" to see a fix for these issues but it
seems like core devs are more interested to work on other topics and
other security issues.
> "fflush called on pointer to potentially closed file" (Windows only)
> https://bugs.python.org/issue19050
It seems like two core devs are opposed to fix this issue.
--
There are open security issues on the HTTP server and urllib. I am
more concerned by these issues, but it's hard to fix them, there is a
risk of introducing regressions.
Victor
_______________________________________________
Python-Dev mailing list
Python-Dev@python.org
https://mail.python.org/mailman/listinfo/python-dev
Unsubscribe:
https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
