Author steve.dower
Recipients Jason.Killen, christian.heimes, plokmijnuhby, steve.dower, taleinat
Date 2019-11-18.19:10:39
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1574104240.02.0.622777294724.issue38722@roundup.psfhosted.org>
In-reply-to
Content
It's a security issue because Python 3.8 says it will open files to be executed with io.open_code() instead of open(). This allows a way to bypass that.

That said, this appears to be a fallback case, so I'm not hugely concerned. I haven't quite figured out why it would fall back here (that involved reading the pkgutil sources ;) ).

I would vote for backporting to 3.8.1, but if Tal wants to push back and nobody else has an opinion then whatever.
History
Date User Action Args
2019-11-18 19:10:40steve.dowersetrecipients: + steve.dower, taleinat, christian.heimes, Jason.Killen, plokmijnuhby
2019-11-18 19:10:40steve.dowersetmessageid: <1574104240.02.0.622777294724.issue38722@roundup.psfhosted.org>
2019-11-18 19:10:40steve.dowerlinkissue38722 messages
2019-11-18 19:10:39steve.dowercreate