[Python-Dev] Releases for recent security vulnerability
Jesse Noller jnoller at gmail.com
Sun Apr 17 15:30:17 CEST 2011
On Sun, Apr 17, 2011 at 7:48 AM, Antoine Pitrou <solipsis at pitrou.net> wrote:
> On Sat, 16 Apr 2011 21:32:48 -0500
> Brian Curtin <brian.curtin at gmail.com> wrote:
> > > Three weeks after this security vulnerability was publicly reported on
> > > bugs.python.org, and two days after it was semi-officially announced,
> > > I'm still waiting for security updates for my Ubuntu and Debian systems!
> > >
> > > I reckon if this had been handled differently (i.e., making new releases
> > > and communicating it via the relevant channels [1]), we wouldn't have
> > > the situation we have right now.
> >
> > I don't really think there's a "situation" here, and I fail to see how the
> > development blog isn't one of the relevant channels.
>
> If we want to make official announcements (like releases or security
> warnings), I don't think the blog is appropriate. A separate
> announcement channel (mailing-list or newsgroup) would be better, where
> people can subscribe knowing they will only get a couple of e-mails a
> year.
>
> Regards
>
> Antoine.

And whose responsibility is it to email yet another mythical list? The person posting the fix? The person who found and filed the CVE? The release manager?
Brian helped us by raising awareness of the issue: At least now there's a chance that one or more of the OS vendors saw that this was an issue that was fixed.