Author vstinner
Recipients Arfrever, barry, benjamin.peterson, christian.heimes, djc, eli.bendersky, ezio.melotti, franck, georg.brandl, jwilk, larry, martin.panter, mcepl, ned.deily, pitrou, rhettinger, rsandwick3, scoder, serhiy.storchaka, steve.dower, vstinner
Date 2018-09-17.23:11:11
Message-id <1537225871.65.0.956365154283.issue17239@psf.upfronthosting.co.za>
In-reply-to
Content
> Any reason to not take the current patch for our vendored copy and give it some exposure at least on platforms that rely on it (maybe just Windows)? I don't see any reason to wait on another group to "release" it when we need to manually apply the update to our own repo anyway.

My policy is to fix upstream first: get a change merged upstream.

If we start with a downstream patch:

* only Windows and macOS will get the fix
* upstream may require changes that make the change incompatible, for example changing the default limits
* I would prefer to keep Modules/expat/ as close as possible to the upstream

Python has been vulnerable for years; it's not like there is any urgency to fix it.
History
Date User Action Args
2018-09-17 23:11:11 vstinner set recipients: + vstinner, barry, georg.brandl, rhettinger, pitrou, scoder, larry, christian.heimes, benjamin.peterson, jwilk, ned.deily, djc, mcepl, ezio.melotti, Arfrever, eli.bendersky, martin.panter, serhiy.storchaka, franck, steve.dower, rsandwick3
2018-09-17 23:11:11 vstinner set messageid: <1537225871.65.0.956365154283.issue17239@psf.upfronthosting.co.za>
2018-09-17 23:11:11 vstinner link issue17239 messages
2018-09-17 23:11:11 vstinner create