On 17.03.2013 19:59, Antoine Pitrou wrote:
>> Why keep the libraries vulnerable for another year (3.4 final is expected
>> for early 2014), if there is something we can do about them now?
>
> Well, Christian said that his stdlib patch wasn't ready yet.
The patch is > 90% finished. All the hard
On 17.03.2013 19:25, Eli Bendersky wrote:
> I'll gladly review the _elementtree changes and can help with the expat
> & pyexpat changes as well. Until now I had the impression that the
> patches aren't ready for review yet. If they are, that's great.
The modifications to expat, pyexpat and _elem
2013/3/17 Barry Warsaw:
> On Mar 17, 2013, at 09:16 PM, Glenn Linderman wrote:
>
>>try:
>>    newSimpleXMLAPI()
>>    newapi = True
>>except Exception:
>>    newapi = False
>
> try:
>     True
> except NameError:
>     True = 1
>     False = 0
>
> -Barry
I understand why your bedtime is 21:30. :)
On Mar 17, 2013, at 09:16 PM, Glenn Linderman wrote:
>try:
>    newSimpleXMLAPI()
>    newapi = True
>except Exception:
>    newapi = False
try:
    True
except NameError:
    True = 1
    False = 0
-Barry
On 3/17/2013 8:48 PM, Barry Warsaw wrote:
On Mar 17, 2013, at 05:37 PM, Christian Heimes wrote:
Any attempt to fix the XML issues *will* change the behavior of the
library and result into an incompatibility with older releases. Benjamin
doesn't want to change the behavior of our XML libraries.
On Mar 17, 2013, at 05:37 PM, Christian Heimes wrote:
>Any attempt to fix the XML issues *will* change the behavior of the
>library and result into an incompatibility with older releases. Benjamin
>doesn't want to change the behavior of our XML libraries. IIRC Georg and
>Barry are +0. I think that
On Sun, Mar 17, 2013 at 12:00 PM, Stefan Behnel wrote:
> Eli Bendersky, 17.03.2013 19:25:
> > IMHO Benjamin is right, given that this attack has been known to exist
> > since 2003. Moreover, as it appears that no changes whatsoever are going to
> > make it into 2.7, I don't see why patching of
On Sun, 17 Mar 2013 20:00:19 +0100
Stefan Behnel wrote:
> Eli Bendersky, 17.03.2013 19:25:
> > IMHO Benjamin is right, given that this attack has been known to exist
> > since 2003. Moreover, as it appears that no changes whatsoever are going to
> > make it into 2.7, I don't see why patching of 3.
Eli Bendersky, 17.03.2013 19:25:
> IMHO Benjamin is right, given that this attack has been known to exist
> since 2003. Moreover, as it appears that no changes whatsoever are going to
> make it into 2.7, I don't see why patching of 3.1, 3.2 and 3.3 is needed.
> As for 3.4, it can't hurt to add an o
> I like to give an update on the XML vulnerability fixes. Brett has asked
> me a couple of days ago but I haven't had time to answer. I was/am busy
> with my daily job.
>
> Any attempt to fix the XML issues *will* change the behavior of the
> library and result into an incompatibility with older re
Hello,
I like to give an update on the XML vulnerability fixes. Brett has asked
me a couple of days ago but I haven't had time to answer. I was/am busy
with my daily job.
Any attempt to fix the XML issues *will* change the behavior of the
library and result into an incompatibility with older rele