On 11.03.2014 13:18, Victor Stinner wrote: > Hi, > > Thanks David! I added a summary of security improvements: > http://docs.python.org/dev/whatsnew/3.4.html#summary-release-highlights > > Can someone please review it? Don't hesitate to modify the text > directly. Check also if the summary is complete.
Thanks a lot David and Victor! The list of security improvements is missing one, maybe two points that are IMHO relevant: * All stdlib modules now support server cert verification including hostname matching and CRL. * http://bugs.python.org/issue16499 isolated mode is a security improvement, too. Should the section or Whats New in general mention that Python builds without compiler warnings on most platforms and that we aim for zero warnings on all supported platforms and compilers? And there is the point with Coverity Scan. We have reached zero defects about half a year ago and fixed all new defects in a matter of days. I'll try to keep the defect rate down to zero in the future, too. The tool has helped me to identify a bunch of security-relevant issues like buffer overflows, invalid casts and more. It's something worth mentioning. But I don't want it to sound like an advert... Suggestions? Christian _______________________________________________ Python-Dev mailing list Python-Dev@python.org https://mail.python.org/mailman/listinfo/python-dev Unsubscribe: https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
