Bastian Kleineidam wrote:
> Hi,
>
> I just read this post from Guido van Rossum[1] that the rexec.py and
> Bastion.py modules have severe security flaws. These modules will be
> disabled in the next 2.2 and 2.3 releases to avoid security risks.
>
> [1]
> http://groups.google.com/groups?selm=mailman.1041875417.12807.clpa-moderators%40python.org

Ouch. It's very sad that upstream says that they don't have the resources to fix security bugs in widely used software.

> I suggest to disable the above two modules in python2.2 (which is in
> woody), even if existing applications can break. What do you think?

I'd rather know about the vulnerability (and maybe doko is able to implement a fix) than to blindly castrate software. Theo d.R. already taught us that blindly releasing updates is not good.

Regards,

Joey

--
Given enough thrust pigs will fly, but it's not necessarily a good idea.