Python vulnerability disclosure

Posted Apr 29, 2011 1:20 UTC (Fri) by Baylink (subscriber, #755)
Parent article: Python vulnerability disclosure

>> To me, the fix *was* released. Sure, no fancy installers were generated yet, but people who are susceptible to this issue 1) now know about it, and 2) have a way to patch their system *if needed*.

Sure. Because, among making a living, eating, sleeping, and occasionally getting laid, *I* have time to monitor 600 sources for security advisories for the 45MLoC on the 19 Linux boxes I'm informally responsible for, and patch them all instantly, running acceptance tests on each.

I didn't even have all that much time *when that was my job*.

This is the same half-assed argument as the one that says that "security by obscurity" is bad. It's not... it's just not *enough*. Same principle.

There is *no* good answer, incidentally, in case you were gonna bash your brains in looking for one; that's why we *call* them Bad Guys.



Python vulnerability disclosure

Posted Apr 29, 2011 10:26 UTC (Fri) by fb (subscriber, #53265)

My thoughts exactly.

Saying that the issue was mentioned in a random blog post or email is nothing but a (lousy) disclaimer of responsibility.
