Message 117640 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	debatem1
Recipients	Ryan.Tucker, ahasenack, asdfasdfasdfasdfasdfasdfasdf, debatem1, devin, giampaolo.rodola, heikki, janssen, jsamuel, orsenthil, pitrou, vila, zooko
Date	2010-09-29.18:45:33
SpamBayes Score	5.11731e-08
Marked as misclassified	No
Message-id	<AANLkTinGjkcgB6J0N8XTnVKhz-_WkVtGYFgGetm-GrmL@mail.gmail.com>
In-reply-to	<1285785261.3194.12.camel@localhost.localdomain>

Content
On Wed, Sep 29, 2010 at 11:34 AM, Antoine Pitrou <report@bugs.python.org> wrote: > > Antoine Pitrou <pitrou@free.fr> added the comment: > >> Here is a letter that I just received, in my role as a developer of >> Tahoe-LAFS, from a concerned coder who doesn't know much about Python: >> >> > An FYI on Python. >> > >> > I'm not sure how businesses handle this (I've always worked in >> Windows >> > shops), but I imagine some might consider pulling Python until it is >> > properly secured. Pulling Python might affect Tahoe, which I would >> > like to see do well. > > That sounds like an inventively outrageous kind of FUD. It's the first > time I hear of someone writing to third-party library authors in order > to pressure them to pressure the maintainers of a programming language > implementation to make some "decisions". Not to add fuel to the fire, but I've had a user report this behavior as a bug as well, so this isn't entirely outside the scope of plausibility to me. > By the way, if "businesses" are really concerned about the security > problems induced by this issue, they can sponsor the effort to get the > bug fixed. It shouldn't be a lot of work. What would the approximate cost on that be, do you think? My understanding was that the code was pretty much written given John Nagle's patch and M2Crypto. Geremy Condra

On Wed, Sep 29, 2010 at 11:34 AM, Antoine Pitrou <report@bugs.python.org> wrote:
>
> Antoine Pitrou <pitrou@free.fr> added the comment:
>
>> Here is a letter that I just received, in my role as a developer of
>> Tahoe-LAFS, from a concerned coder who doesn't know much about Python:
>>
>> > An FYI on Python.
>> >
>> > I'm not sure how businesses handle this (I've always worked in
>> Windows
>> > shops), but I imagine some might consider pulling Python until it is
>> > properly secured. Pulling Python might affect Tahoe, which I would
>> > like to see do well.
>
> That sounds like an inventively outrageous kind of FUD. It's the first
> time I hear of someone writing to third-party library authors in order
> to pressure them to pressure the maintainers of a programming language
> implementation to make some "decisions".

Not to add fuel to the fire, but I've had a user report this behavior
as a bug as well, so this isn't entirely outside the scope of
plausibility to me.

> By the way, if "businesses" are really concerned about the security
> problems induced by this issue, they can sponsor the effort to get the
> bug fixed. It shouldn't be a lot of work.

What would the approximate cost on that be, do you think? My
understanding was that the code was pretty much written given John
Nagle's patch and M2Crypto.

Geremy Condra

History
Date	User	Action	Args
2010-09-29 18:45:35	debatem1	set	recipients: + debatem1, zooko, janssen, orsenthil, pitrou, giampaolo.rodola, vila, heikki, ahasenack, jsamuel, devin, asdfasdfasdfasdfasdfasdfasdf, Ryan.Tucker
2010-09-29 18:45:33	debatem1	link	issue1589 messages
2010-09-29 18:45:33	debatem1	create