Am 10.04.14 15:41, schrieb Paul Moore: > Given the OpenSSL vulnerability and the fact that we bundle OpenSSL > with the Windows installers (1.0.1e in Python 3.4.0) should we be > releasing updated installers?
As others have said: certainly, and only for 3.4.0 (i.e. 2.7 in particular is not affected - I'm glad I didn't update OpenSSL there past 0.9.8). My feeling with these things is that it is often better to wait until the dust settles - people in a hurry of fixing security bugs tend to introduce new ones in the process. I'm tempted to experiment with installer patch files for this (.msp); it's technically just a single DLL that would need to be replaced. Contributions are welcome. Regards, Martin _______________________________________________ Python-Dev mailing list Python-Dev@python.org https://mail.python.org/mailman/listinfo/python-dev Unsubscribe: https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
