[Python-Dev] Whats New in 3.4 is pretty much done... (original) (raw)
Antoine Pitrou solipsis at pitrou.net
Thu Mar 13 14:08:42 CET 2014
- Previous message: [Python-Dev] Whats New in 3.4 is pretty much done...
- Next message: [Python-Dev] Whats New in 3.4 is pretty much done...
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Le 13/03/2014 11:49, Christian Heimes a écrit :
Thanks a lot David and Victor! The list of security improvements is missing one, maybe two points that are IMHO relevant:
* All stdlib modules now support server cert verification including hostname matching and CRL.
CRL? really? I don't remember us doing automatic CRL downloads.
And there is the point with Coverity Scan. We have reached zero defects about half a year ago and fixed all new defects in a matter of days. I'll try to keep the defect rate down to zero in the future, too. The tool has helped me to identify a bunch of security-relevant issues like buffer overflows, invalid casts and more. It's something worth mentioning. But I don't want it to sound like an advert... Suggestions?
I don't think it should be mentioned at all. General code quality improvements are a given in any release, the fact that the issues were detected by Coverity rather than human scrutiny is a non-information (except as advertising for Coverity).
Regards
Antoine.
- Previous message: [Python-Dev] Whats New in 3.4 is pretty much done...
- Next message: [Python-Dev] Whats New in 3.4 is pretty much done...
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]