Author debatem1
Recipients Ryan.Tucker, ahasenack, asdfasdfasdfasdfasdfasdfasdf, debatem1, devin, giampaolo.rodola, heikki, janssen, jsamuel, orsenthil, pitrou, vila, zooko
Date 2010-09-29.18:45:33
SpamBayes Score 5.11731e-08
Marked as misclassified No
Message-id <AANLkTinGjkcgB6J0N8XTnVKhz-_WkVtGYFgGetm-GrmL@mail.gmail.com>
In-reply-to <1285785261.3194.12.camel@localhost.localdomain>
Content
On Wed, Sep 29, 2010 at 11:34 AM, Antoine Pitrou <report@bugs.python.org> wrote:
>
> Antoine Pitrou <pitrou@free.fr> added the comment:
>
>> Here is a letter that I just received, in my role as a developer of
>> Tahoe-LAFS, from a concerned coder who doesn't know much about Python:
>>
>> > An FYI on Python.
>> >
>> > I'm not sure how businesses handle this (I've always worked in
>> Windows
>> > shops), but I imagine some might consider pulling Python until it is
>> > properly secured. Pulling Python might affect Tahoe, which I would
>> > like to see do well.
>
> That sounds like an inventively outrageous kind of FUD. It's the first
> time I hear of someone writing to third-party library authors in order
> to pressure them to pressure the maintainers of a programming language
> implementation to make some "decisions".

Not to add fuel to the fire, but I've had a user report this behavior
as a bug as well, so this isn't entirely outside the scope of
plausibility to me.

> By the way, if "businesses" are really concerned about the security
> problems induced by this issue, they can sponsor the effort to get the
> bug fixed. It shouldn't be a lot of work.

What would the approximate cost on that be, do you think? My
understanding was that the code was pretty much written given John
Nagle's patch and M2Crypto.

Geremy Condra
History
Date User Action Args
2010-09-29 18:45:35debatem1setrecipients: + debatem1, zooko, janssen, orsenthil, pitrou, giampaolo.rodola, vila, heikki, ahasenack, jsamuel, devin, asdfasdfasdfasdfasdfasdfasdf, Ryan.Tucker
2010-09-29 18:45:33debatem1linkissue1589 messages
2010-09-29 18:45:33debatem1create