> If it is possible for a hostile outsider to trigger the DOS by sending
> mail to be processed by an application using the library, and the
> application can't avoid the DOS without ditching / forking /
> monkeypatching the library, then I would call the bug a "security bug",
> period.

IIUC, it would have been straightforward for the mail servers to avoid
the DOS: simply truncate log lines to 1024 bytes, or something.

> As for backward compatibility: any application which is depending on
> getting arbitrarily-long lines in its logfile is already insane, and
> should be scrapped.

That's not the point. The point is that the very old releases don't get
sufficient review for bug fixes, because too few people care about them.
So a systematic, efficient review by a single person of the entire
release must be possible. This is only possible if the number of changes
is kept to an absolute minimum - just the patches targeted at the
audience of these releases.

Regards,
Martin
_______________________________________________
Python-Dev mailing list
Python-Dev@python.org
http://mail.python.org/mailman/listinfo/python-dev