This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author vstinner
Recipients Arfrever, barry, benjamin.peterson, christian.heimes, djc, eli.bendersky, ezio.melotti, franck, georg.brandl, jwilk, larry, martin.panter, mcepl, ned.deily, pitrou, rhettinger, rsandwick3, scoder, serhiy.storchaka, steve.dower, vstinner
Date 2018-09-17.23:11:11
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1537225871.65.0.956365154283.issue17239@psf.upfronthosting.co.za>
In-reply-to
Content 
> Any reason to not take the current patch for our vendored copy and give it some exposure at least on platforms that rely on it (maybe just Windows)? I don't see any reason to wait on another group to "release" it when we need to manually apply the update to our own repo anyway.

My policy is upstream fix: first, get a change merged upstream.

If we start with a downstream patch:

* only Windows and macOS will get the fix
* upstream may require changes making the change incompatible, for example change the default limits
* I would prefer to keep Modules/expat/ as close as possible to the upstream

Python is vulnerable for years, it's not like there is an urgency to fix it.
History
Date User Action Args
2018-09-17 23:11:11vstinnersetrecipients: + vstinner, barry, georg.brandl, rhettinger, pitrou, scoder, larry, christian.heimes, benjamin.peterson, jwilk, ned.deily, djc, mcepl, ezio.melotti, Arfrever, eli.bendersky, martin.panter, serhiy.storchaka, franck, steve.dower, rsandwick3
2018-09-17 23:11:11vstinnersetmessageid: <1537225871.65.0.956365154283.issue17239@psf.upfronthosting.co.za>
2018-09-17 23:11:11vstinnerlinkissue17239 messages
2018-09-17 23:11:11vstinnercreate