Loïc Minier wrote:
> Looks fine; just using python-central and not passing -i to dh_* but
> that's all ok.
>
> Upstream code is fine.
>
> Will just ping Kees in case he'd like to do a security review, but given
> the size of the code and the fact that it's in Python, I would guess
> probably not

It is only an implementation of OAuth 1.0, not 1.0a, so it suffers from a session fixation attack, which can be very serious, depending on the application. The API would have to change quite dramatically to support 1.0a though.

Thanks,
James

--
[MIR] python-oauth
https://bugs.launchpad.net/bugs/408878
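To illustrate the 1.0 versus 1.0a difference raised in the reply above, here is an added example; it is not python-oauth code and not part of the original thread. It models only the provider-side token state; the `Provider` class, its methods and the callback URL are hypothetical, and request signing is omitted.

```python
import hmac
import secrets


class Provider:
    """Toy service provider; require_verifier=True models the 1.0a rules."""

    def __init__(self, require_verifier):
        self.require_verifier = require_verifier
        self.tokens = {}  # request token -> state

    def request_token(self, callback=None):
        # 1.0a: oauth_callback is fixed here, inside the consumer's signed
        # request, instead of being passed later on the authorization URL.
        if self.require_verifier and callback is None:
            raise ValueError("oauth_callback required at request-token step")
        token = secrets.token_urlsafe(16)
        self.tokens[token] = {"callback": callback, "user": None, "verifier": None}
        return token

    def authorize(self, token, user):
        # Called when a logged-in user approves the request token.
        state = self.tokens[token]
        state["user"] = user
        state["verifier"] = secrets.token_urlsafe(16)
        # The verifier is delivered only via the approving user's browser
        # to the registered callback, so it binds approval to that session.
        return state["callback"], state["verifier"]

    def access_token(self, token, verifier=None):
        state = self.tokens.get(token)
        if state is None or state["user"] is None:
            raise PermissionError("token unknown or not authorized")
        if self.require_verifier:
            if verifier is None or not hmac.compare_digest(verifier, state["verifier"]):
                raise PermissionError("missing or wrong oauth_verifier")
        del self.tokens[token]  # request tokens are single use
        return {"user": state["user"], "access_token": secrets.token_urlsafe(16)}


def exchange_without_verifier(provider):
    """True if a party holding only the request token can redeem it."""
    token = provider.request_token(callback="https://consumer.example/cb")  # constructed URL
    provider.authorize(token, user="alice")
    try:
        provider.access_token(token)
        return True
    except PermissionError:
        return False
```

With `require_verifier=False` the exchange succeeds on knowledge of the request token alone, which is the gap the reply refers to; with `True` the provider rejects it.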
