[Python-Dev] FWD: Python execvpe symlink race condition.

[logistix]

> -----Original Message-----
> From: python-dev-admin@python.org [mailto:python-dev-admin@python.org]
On
> Behalf Of Guido van Rossum
> 
> > I glanced at the Debian bug report and saw that it was reporting an
> > exploit against 2.1.3.  I see some value in doing a 2.1.4 release,
> > but not enough value to justify the work.
> 
> Same here.
> 

Shouldn't there be at least some notification to the community at large?
Something that requires the least amount of work possible short of doing
nothing at all.  Like a notice that 2.1.3 has known security
vulnerabilities, and the recommended fix is to upgrade to 2.2.2 posted
on http://www.python.org/2.1/ , http://www.python.org/2.1.3/ and
python-announce.  And possibly a python-security list for the future
that security minded people can subscribe to.