On Thu, Oct 11, 2012 at 12:46 PM, Jeroen Demeyer <[email protected]> wrote: > On 2012-10-11 21:42, Robert Bradshaw wrote: >> On Thu, Oct 11, 2012 at 12:40 PM, Jeroen Demeyer <[email protected]> >> wrote: >>> On 2012-10-11 21:37, Robert Bradshaw wrote: >>>> it's not the Python testsuite that puts files here, it's us, which >>>> should be fixed by #12415 (which is a much bigger issue). >>> No, it *is* absolutely the upstream Python test suite which is vulnerable. >> >> Then *that* should be fixed, not import behavior. Can you send me a pointer? > > You may all be in denial, but I'm currently preparing a report for > upstream, I'll keep you updated.
I'm happy to be corrected. (I don't think things like permissions and whether a directory is "safe" should be, in as much as it is possible, part of a language spec however.) - Robert -- You received this message because you are subscribed to the Google Groups "sage-devel" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. Visit this group at http://groups.google.com/group/sage-devel?hl=en.
