[Python-Dev] Releases for recent security vulnerability

Fred Drake fdrake at acm.org
Fri Apr 15 15:54:53 CEST 2011


On Fri, Apr 15, 2011 at 8:59 AM, Antoine Pitrou <solipsis at pitrou.net> wrote:
> Relying on a vendor distribution (such as a Linux distro, or
> ActiveState) is hopefully enough to get these security updates in time
> without patching anything by hand. I don't think many people compile
> Python for production use, but many do use our Windows installers.

Antoine,

I actually expect many companies build their own Python for production use;
relying on the system Python has long been considered a stability vulnerability
by many of us.  This is especially the case for large deployments, where
machines are less likely to receive updates quickly.

I'd strongly recommend making sure releases are available for download quickly
in cases like this, even if (in any particular case) we think a vulnerability is
unlikely to affect many users.  Whenever we think something like that, we're
always wrong.


  -Fred

-- 
Fred L. Drake, Jr.    <fdrake at acm.org>
"Give me the luxuries of life and I will willingly do without the necessities."
   --Frank Lloyd Wright

