[Python-Dev] Incorporation of zlib sources into Python subversion
Gregory P. Smith
greg at electricrain.com
Wed Dec 21 19:33:24 CET 2005
On Sun, Dec 18, 2005 at 11:09:54AM +0100, "Martin v. L?wis" wrote:
> Thomas (Heller) and I have been discussing whether the zlib
> module should become builtin, atleast on Win32 (i.e. part
> of python25.dll). This would simplify py2exe, which then could
> bootstrap extraction from the compressed file just with
> pythonxy.dll (clearly, zlib.pyd cannot be *in* the compressed
> file).
That makes sense.
One note of caution... zlib has has several security vulnerabilities
revealed in the past. zlib 1.1.x (4?) seems to have had less than the
more recent 1.2.x zlibs so it may be prudent to play conservative and
stick with the older one to avoid chances of having to release a
python security update when zlib bugs are found.
(i don't know what version python uses today maybe this is a non issue?)
> Whether or not this copy of zlib would be integrated in the
> Unix build process, in case where the system does not provide
> a zlib, is a separate question.
scary to think of a system without zlib. tsk tsk on whoever makes those.
-g
More information about the Python-Dev
mailing list