> On Jul 21, 2017, at 3:45 AM, Victor Stinner <victor.stin...@gmail.com> wrote:
> 
> Ok, a more concrete problem. To fix the "urllib FTP" bug, we have to
> find a balance between security (reject any URL looking like an
> attempt to counter the security protections) and backward
> compatibility (accept filenames containing newlines).

For this case, the balance should probably tilt more towards security than 
backwards compatibility.   I would be very concerned about such odd URLs.  

That said, if backwards compatibility is going to be broken, consider giving 
users a temporary, clean way to opt out of the additional protections (don't
want to leave them high and dry if they happen to have a legitimate use case).


Raymond
_______________________________________________
Python-Dev mailing list
Python-Dev@python.org
https://mail.python.org/mailman/listinfo/python-dev