OSDir


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Python-Dev] Fwd: We cannot fix all issues: let's close XML security issues (not fix them)


Thank you Victor.

XML support in Python is critical and desired for many sectors like banking or telecoms,
and code base based on XML is still on rise in such world.

That's why keeping such bugs open is important, as it is not impossible that someone (banks, telecoms, google camps, government grants)
would simply fund small project aiming at fixing those bugs in XML. We never know.


-------- Beginning of forwarded message  --------
07.09.2018, 09:03, "Victor Stinner" <vstinner at redhat.com>:

Le jeu. 6 sept. 2018 ? 21:10, Steve Dower <steve.dower at python.org> a ?crit :
> ?If Christian is not able to keep maintaining the defused* packages, then
> ?I may take a look at this next week at the sprints. The built-in XML
> ?packages actually don't meet Microsoft's internal security requirements,
> ?so I have some business motivation to do it.

Great! The best would be to be able to merge defuse* features into the
stdlib. Maybe not change the default, but add an option to enable
security counter-measures.

Victor
_______________________________________________
Python-Dev mailing list
Python-Dev at python.org
https://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: https://mail.python.org/mailman/options/python-dev/pms.coder%40yandex.ru
-------- End of forwarded message --------