On Sat, Apr 16, 2011 at 06:45, Gustavo Narea <m...@gustavonarea.net> wrote:
> Hello,
>
> On 15/04/11 13:30, Brian Curtin wrote:
> > To me, the fix *was* released.
>
> No, it wasn't. It was *committed* to the repository.
>

Yep, and that's enough for me. If you have a vulnerable system, you can now patch it with an accepted fix.

> > Sure, no fancy installers were generated yet, but people who are
> > susceptible to this issue 1) now know about it, and 2) have a way to
> > patch their system *if needed*.
>
> Well, that's a long shot. I doubt the people/organizations affected are
> all aware.

Hence why this blog exists and why this post was made...

> And I doubt they are all capable of patching their system or
> getting a patched Python from a trusted party.
>

Maybe that's where the post fell short. Should I have added a section with an example of how to apply the patch to an example system like 2.6?

> Three weeks after this security vulnerability was *publicly* reported on
> bugs.python.org, and two days after it was semi-officially announced,
> I'm still waiting for security updates for my Ubuntu and Debian systems!
>
> I reckon if this had been handled differently (i.e., making new releases
> and communicating it via the relevant channels [1]), we wouldn't have
> the situation we have right now.

I don't really think there's a "situation" here, and I fail to see how the development blog isn't one of the relevant channels.
_______________________________________________
Python-Dev mailing list
Python-Dev@python.org
http://mail.python.org/mailman/listinfo/python-dev