Yep. All binary Python distributions that bundle SSL support need updating. But... what MRAB said.
We also *likely* have SSL certificates and SSH host keys on python.orginfrastructure that need to be revoked and new certs reissued *after* all of those machines have been patched and their services restarted. Including hg.python.org. -gps On Thu, Apr 10, 2014 at 10:51 AM, MRAB <pyt...@mrabarnett.plus.com> wrote: > On 2014-04-10 14:41, Paul Moore wrote: > >> Given the OpenSSL vulnerability and the fact that we bundle OpenSSL >> with the Windows installers (1.0.1e in Python 3.4.0) should we be >> releasing updated installers? >> >> I'd say yes, but, then, I wouldn't be doing any of the work... > > _______________________________________________ > Python-Dev mailing list > Python-Dev@python.org > https://mail.python.org/mailman/listinfo/python-dev > Unsubscribe: https://mail.python.org/mailman/options/python-dev/ > greg%40krypto.org >
_______________________________________________ Python-Dev mailing list Python-Dev@python.org https://mail.python.org/mailman/listinfo/python-dev Unsubscribe: https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
