Message 263268 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	brett.cannon
Recipients	Antony.Lee, WGH, brett.cannon
Date	2016-04-12.17:40:12
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1460482812.75.0.561831840608.issue25330@psf.upfronthosting.co.za>
In-reply-to

Content
This can't change in Python 2.7 because of backwards-compatibility. And I would argue this isn't a serious security risk as pkgutil.get_data() typically works with string constants and values provided by the library and not user-provided values. This is basically the same as taking a value for open() and has the same risks.

This can't change in Python 2.7 because of backwards-compatibility. And I would argue this isn't a serious security risk as pkgutil.get_data() typically works with string constants and values provided by the library and not user-provided values. This is basically the same as taking a value for open() and has the same risks.

History
Date	User	Action	Args
2016-04-12 17:40:12	brett.cannon	set	recipients: + brett.cannon, Antony.Lee, WGH
2016-04-12 17:40:12	brett.cannon	set	messageid: <1460482812.75.0.561831840608.issue25330@psf.upfronthosting.co.za>
2016-04-12 17:40:12	brett.cannon	link	issue25330 messages
2016-04-12 17:40:12	brett.cannon	create