On Thu, Apr 18, 2013 at 2:47 PM, Benjamin Peterson <benja...@python.org> wrote: > 2013/4/18 Maciej Fijalkowski <fij...@gmail.com>: >> Hi >> >> libffi has bugs sometimes (like this >> http://bugs.python.org/issue17580). Now this is a thing that upstream >> fixes really quickly, but tracking down issues on bugs.python.org is >> annoying (they never get commited as quickly as the upstream). is >> there a good reason why cpython has it's own copy of libffi? I >> understand historical reasons, but PyPy gets along relying on the >> system library, so maybe we can kill the inclusion. > > IIRC, it had (has?) some custom windows patches, which no one knows > whether they're relevant or not. > > I personally would love to see all libraries that we have copies of in > the repo killed.
Upstream seems to be incredibly responsive. Why not merge them there? Is it just "we can't patch distutils" crap? If we *really* need to provide libraries for systems that don't have them, how about simply having a separate download for those systems instead of using it on systems that *do* have them and in fact *do* have them in a better version. Note that the recent patches (one for 32bit, one for ARM) are easily security holes. I'm not 100% sure if segfault caused by stack misalignment is an exploitable thing, but you can definitely cause a segfault on any ctypes code, even if perfectly safe. Cheers, fijal _______________________________________________ Python-Dev mailing list Python-Dev@python.org http://mail.python.org/mailman/listinfo/python-dev Unsubscribe: http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
