[python-committers] "Gratuitous"? incompatibilities in the "fix only" releases

Jesus Cea jcea at jcea.es
Thu Jul 30 00:11:53 CEST 2015
On 29/07/15 18:50, Guido van Rossum wrote:
> I believe that in this particular case, the bug was fixed (by tightening
> the requirements for headers) because the bug can lead to security
> vulnerabilities. I think you can find more by Googling for keywords like
> "http header injection". The more recent Python 2.7 bugfix releases have
> specific exemptions from the backwards compatibility requirements for
> security fixes -- because their lifespan will still be many years (EOL
> of 2.7 is summer 2020).

That argument is valuable but it fails when considering that this fix
will be present in 3.4.4 too, with a normal EOL. I am OK with that,
though. As I said, I sent my first message for policy verification and
to raise awareness.

:-).

PS: I rarely read python-dev. Too much traffic for me :-(.

-- 
Jesús Cea Avión                         _/_/      _/_/_/        _/_/_/
jcea at jcea.es - http://www.jcea.es/     _/_/    _/_/  _/_/    _/_/  _/_/
Twitter: @jcea                        _/_/    _/_/          _/_/_/_/_/
jabber / xmpp:jcea at jabber.org  _/_/  _/_/    _/_/          _/_/  _/_/
"Things are not so easy"      _/_/  _/_/    _/_/  _/_/    _/_/  _/_/
"My name is Dump, Core Dump"   _/_/_/        _/_/_/      _/_/  _/_/
"Love is placing your happiness in the happiness of another" - Leibniz
