[Python-Dev] OpenSSL vulnerability

Barry Warsaw barry at python.org
Mon Nov 9 15:12:02 CET 2009


On Nov 8, 2009, at 12:56 PM, Martin v. Löwis wrote:

> Also, for Python 2.5 and earlier, any SSL-based code is vulnerable to a MitM anyway, so this can only be an issue for code using the new APIs in Python 2.6.
>
> That's not going to stop the wannabe-self-proclaimed-so-called-vulnerability-"experts" from whining about Python not releasing updated binary distributions though. :-( The Windows binaries currently build with 0.9.8g. Since changing that would be a source code change (even though just a single line), I think a full source release would be necessary (most likely then for both 2.6 and 3.1).

I don't think it's worth making a quick 2.6.5 release for this if its
primary intent is to produce new Windows binaries. I'm okay with
making the changes to the tree, but we'll release 2.6.5 on a "normal"
schedule.

-Barry
