[Csv] Re: [Python-Dev] Patch to remove eval from csv sniffer
Guido van Rossum
guido at python.org
Thu Jun 12 15:27:59 CEST 2003
> The patch by Raymond Hettinger mentioned here:
>
> www.python.org/sf/744104
>
> makes a lot of sense. The question is - should it be applied now? We're
> in the 55th minute of the 11th hour for 2.3, and changes are generally
> unwelcome. This change changes the sniffer's behaviour slightly, but
> it's probably better to do this now, than after 2.3 is released (and
> it's a potential security problem).
Better now.
--Guido van Rossum (home page: http://www.python.org/~guido/)
More information about the Csv
mailing list