Am 10.04.14 15:41, schrieb Paul Moore:
Given the OpenSSL vulnerability and the fact that we bundle OpenSSL
with the Windows installers (1.0.1e in Python 3.4.0) should we be
releasing updated installers?
As others have said: certainly, and only for 3.4.0 (i.e. 2.7 in
particular is not affected
. Löwismailto:mar...@v.loewis.de
Sent: 4/13/2014 14:51
To: Paul Mooremailto:p.f.mo...@gmail.com; Python
Devmailto:python-dev@python.org
Subject: Re: [Python-Dev] Windows installers and OpenSSL
Am 10.04.14 15:41, schrieb Paul Moore:
Given the OpenSSL vulnerability and the fact that we bundle OpenSSL
Am 13.04.14 21:41, schrieb Steve Dower:
I'm willing to embark on migrating the entire installer to WiX, which
doesn't directly fix any particular issue, but could significantly
reduce the overhead of building and maintaining the Windows installers.
I somewhat doubt that it could reduce the
Given the OpenSSL vulnerability and the fact that we bundle OpenSSL
with the Windows installers (1.0.1e in Python 3.4.0) should we be
releasing updated installers?
Paul
___
Python-Dev mailing list
Python-Dev@python.org
On 2014-04-10 14:41, Paul Moore wrote:
Given the OpenSSL vulnerability and the fact that we bundle OpenSSL
with the Windows installers (1.0.1e in Python 3.4.0) should we be
releasing updated installers?
I'd say yes, but, then, I wouldn't be doing any of the work...
Yep. All binary Python distributions that bundle SSL support need updating.
But... what MRAB said.
We also *likely* have SSL certificates and SSH host keys on
python.orginfrastructure that need to be revoked and new certs
reissued
*after* all of those machines have been patched and their services
On Thu, Apr 10, 2014, at 14:50, Gregory P. Smith wrote:
Yep. All binary Python distributions that bundle SSL support need
updating.
But... what MRAB said.
We also *likely* have SSL certificates and SSH host keys on
python.orginfrastructure that need to be revoked and new certs
reissued
On 10 Apr 2014 18:55, Benjamin Peterson benja...@python.org wrote:
On Thu, Apr 10, 2014, at 14:50, Gregory P. Smith wrote:
Yep. All binary Python distributions that bundle SSL support need
updating.
But... what MRAB said.
We also *likely* have SSL certificates and SSH host keys on
On 11.04.2014 03:15, Nick Coghlan wrote:
On 10 Apr 2014 18:55, Benjamin Peterson benja...@python.org wrote:
On Thu, Apr 10, 2014, at 14:50, Gregory P. Smith wrote:
Yep. All binary Python distributions that bundle SSL support need
updating.
But... what MRAB said.
We also *likely* have SSL