[Python-Dev] [python-committers] Winding down 3.4

Larry Hastings larry at hastings.org
Tue Aug 21 01:36:00 EDT 2018


If they're really all wontfix, maybe we should mark them as wontfix, 
thus giving 3.4 a sendoff worthy of its heroic stature.

Godspeed, and may a flight of angels sing thee to thy rest,


//arry/

On 08/20/2018 05:52 AM, Victor Stinner wrote:
> > "shutil copy* unsafe on POSIX - they preserve setuid/setgit bits"
> > https://bugs.python.org/issue17180
>
> There is no fix. A fix may break backward compatibility. Is it 
> really worth it for the last 3.4 release?
>
> > "XML vulnerabilities in Python"
> > https://bugs.python.org/issue17239
>
> Bug inactive since 2015. I don't expect that anyone will step in in the 
> next weeks with a wonderful solution to all XML issues. I suggest ignoring 
> this one as well; this issue is as old as XML support in Python and I 
> am not aware of any victim of these issues.
>
> Obviously, it would be "nice" to see a fix for these issues but it 
> seems like core devs are more interested in working on other topics and 
> other security issues.
>
>
> > "fflush called on pointer to potentially closed file" (Windows only)
> > https://bugs.python.org/issue19050
>
> It seems like two core devs are opposed to fixing this issue.
>
> --
>
> There are open security issues on the HTTP server and urllib. I am 
> more concerned by these issues, but it's hard to fix them; there is a 
> risk of introducing regressions.
>
> Victor 
