Author Iman Sharafaldin
Recipients Iman Sharafaldin, christian.heimes, serhiy.storchaka, vstinner
Date 2020-07-06.15:04:05
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <>
It's interesting that you would not count a critical segfault in Pickle as a threat, because there are numerous libraries that are Unpickling untrusted user data (even-though some of them are using RestrictedUnpickler to protect themselves but a segfault would bypass that). For example, Ray Project with five thousands commits ( 

Long story short, you advise us to not put time on checking the security of the Pickle module too, am I right?

Date User Action Args
2020-07-06 15:04:05Iman Sharafaldinsetrecipients: + Iman Sharafaldin, vstinner, christian.heimes, serhiy.storchaka
2020-07-06 15:04:05Iman Sharafaldinsetmessageid: <>
2020-07-06 15:04:05Iman Sharafaldinlinkissue41208 messages
2020-07-06 15:04:05Iman Sharafaldincreate