Hi all, How come a description of how to exploit a security vulnerability comes before a release for said vulnerability? I'm talking about this: http://blog.python.org/2011/04/urllib-security-vulnerability-fixed.html
My understanding is that the whole point of asking people not to report security vulnerability publicly was to allow time to release a fix. If developers haven't had enough time to release the fix, that's fine. But I can't think of a sensible reason why it should be announced first. Cheers, - Gustavo. _______________________________________________ Python-Dev mailing list Python-Dev@python.org http://mail.python.org/mailman/listinfo/python-dev Unsubscribe: http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
