[EMAIL PROTECTED] wrote:
>     Georg> [ Bug http://python.org/sf/1541585 ]
>
>     Georg> This seems to be handled like a security issue by linux
>     Georg> distributors, it's also a news item on security related pages.
>
>     Georg> Should a security advisory be written and official patches be
>     Georg> provided?
>
> I asked about this a few weeks ago. I got no direct response. Secunia sent
> mail to webmaster and the SF project admins asking about how this could be
> exploited. (Isn't figuring that stuff out their job?)

Perhaps, judging from the name :)

> This was corrected before 2.5 was released and the 2.4 source has (I think)
> already been patched, with 2.4.4 right around the corner. The bulk of the
> Python installations in the field are probably running on Windows (most of
> them provided by HP/Compaq), and it seems the Linux vendors are all over it.
> I don't know if Apple has picked up on it (or if the version they currently
> distribute is affected - 2.3.5 built Oct 5 2005). Would you provide a patch
> of some sort for Windows or just refer people to corrected installers?
> Given the apparently miserable results trying to get Windows users to
> install security fixes manually, I doubt a new 2.4.3 Windows installer would
> get much exercise.

Even if the patch / corrected installer is used by only 1% of all installations, reacting quickly and providing it in the first place is going to make a much better impression than saying "well, nobody is going to apply it and the next release is due in a few weeks".

[CC'ing [EMAIL PROTECTED]

Georg