Message392684
Due to the relative obscurity of the bug and potential disruption of the fix, I decided not to include it in 3.8.
However, Michał's argument about 3.10 not being released for another five months is resonating with me and so we will be backporting the change to 3.9.5, to be released tomorrow. Victor's argument about opt-ins being a bad way to fix security also makes sense, although let me point out that we've made decisions the other way in the past as well, for instance with hash randomization.
In any case, the issue will be solved in Python 3.10.0 Beta 1 and Python 3.9.5. Having the fixed behavior "in 3.9.5 and newer" makes for easy mechanical checks whether a given version is affected.

Date | User | Action | Args
2021-05-02 10:01:02 | lukasz.langa | set | recipients: + lukasz.langa, ncoghlan, vstinner, eric.smith, christian.heimes, ned.deily, pmoody, docs@python, mgorny, Julian, serhiy.storchaka, steve.dower, Joel Croteau, gc2
2021-05-02 10:01:01 | lukasz.langa | set | messageid: <1619949661.97.0.667887068663.issue36384@roundup.psfhosted.org>
2021-05-02 10:01:01 | lukasz.langa | link | issue36384 messages
2021-05-02 10:01:01 | lukasz.langa | create |