Who should security issues be reported to?

Fredrik Lundh fredrik at pythonware.com
Fri Jan 28 07:28:14 EST 2005


Duncan Booth wrote:

> I think part of the problem you are having is that Python doesn't make any
> representations about security, so it is pretty hard to come up with issues
> which really are security related. Products which are based on Python (e.g.
> Zope) and which do aim to provide some kind of secure environment probably
> will have some clear mechanism for reporting security related issues.

security issues occur when code that claims to do something can be used to do
something entirely different, by malevolent application users.

(wxPython doesn't make any security claims either, but if it turned out that you
could gain root access, modify the underlying database, modify variables in the
program, execute arbitrary code, or some other similar thing simply by typing the
right things into a password entry field, wouldn't you consider that a security
issue?)

(no, this issue isn't related to wxPython)

</F> 





