Message 352831 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	ammar2
Recipients	ammar2, benjamin.peterson, gregory.p.smith, jaraco, larry, lukasz.langa, ned.deily, tburke, webknjaz, xtreak
Date	2019-09-20.04:22:10
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1568953330.55.0.709675711846.issue38216@roundup.psfhosted.org>
In-reply-to

Content
> What bothers me here is that we apparently changed de facto behavior between maintenance releases, in the middle of 3.7's lifecycle, without warning, no doubt because we didn't realize it would break third-party packages. Arguably, I think the programs that are affected by this vulnerability far outnumber the amount of third-party packages that will be broken. The trade-off here seems to be between the promise of compatibility and the promise of security, choosing compatibility strikes me as odd.

> What bothers me here is that we apparently changed de facto behavior between maintenance releases, in the middle of 3.7's lifecycle, without warning, no doubt because we didn't realize it would break third-party packages.

Arguably, I think the programs that are affected by this vulnerability far outnumber the amount of third-party packages that will be broken. The trade-off here seems to be between the promise of compatibility and the promise of security, choosing compatibility strikes me as odd.

History
Date	User	Action	Args
2019-09-20 04:22:10	ammar2	set	recipients: + ammar2, gregory.p.smith, jaraco, larry, benjamin.peterson, ned.deily, lukasz.langa, webknjaz, tburke, xtreak
2019-09-20 04:22:10	ammar2	set	messageid: <1568953330.55.0.709675711846.issue38216@roundup.psfhosted.org>
2019-09-20 04:22:10	ammar2	link	issue38216 messages
2019-09-20 04:22:10	ammar2	create