[Python-Dev] We cannot fix all issues: let's close XML security issues (not fix them) (original) (raw)
Victor Stinner vstinner at redhat.com
Fri Sep 7 03:00:54 EDT 2018
- Previous message (by thread): [Python-Dev] We cannot fix all issues: let's close XML security issues (not fix them)
- Next message (by thread): [Python-Dev] Fwd: We cannot fix all issues: let's close XML security issues (not fix them)
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Le jeu. 6 sept. 2018 à 21:10, Steve Dower <steve.dower at python.org> a écrit :
If Christian is not able to keep maintaining the defused* packages, then I may take a look at this next week at the sprints. The built-in XML packages actually don't meet Microsoft's internal security requirements, so I have some business motivation to do it.
Great! The best would be to be able to merge defuse* features into the stdlib. Maybe not change the default, but add an option to enable security counter-measures.
Victor
- Previous message (by thread): [Python-Dev] We cannot fix all issues: let's close XML security issues (not fix them)
- Next message (by thread): [Python-Dev] Fwd: We cannot fix all issues: let's close XML security issues (not fix them)
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]