Author ammar2
Recipients ammar2, benjamin.peterson, gregory.p.smith, jaraco, larry, lukasz.langa, ned.deily, tburke, webknjaz, xtreak
Date 2019-09-20.04:22:10
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1568953330.55.0.709675711846.issue38216@roundup.psfhosted.org>
In-reply-to
Content
> What bothers me here is that we apparently changed de facto behavior between maintenance releases, in the middle of 3.7's lifecycle, without warning, no doubt because we didn't realize it would break third-party packages.

Arguably, I think the programs that are affected by this vulnerability far outnumber the amount of third-party packages that will be broken. The trade-off here seems to be between the promise of compatibility and the promise of security, choosing compatibility strikes me as odd.
History
Date User Action Args
2019-09-20 04:22:10ammar2setrecipients: + ammar2, gregory.p.smith, jaraco, larry, benjamin.peterson, ned.deily, lukasz.langa, webknjaz, tburke, xtreak
2019-09-20 04:22:10ammar2setmessageid: <1568953330.55.0.709675711846.issue38216@roundup.psfhosted.org>
2019-09-20 04:22:10ammar2linkissue38216 messages
2019-09-20 04:22:10ammar2create