OP: >>I find this response a bit dissappointing frankly. Open Source people >>make such a big deal about having lots of people being able to look at >>source code and from that discover security problems, thus making it >>somehow making it better than proprietary source code.
OP: Did you discover this supposed security hole from black-box observation of behavior or by being one of the 'lots of people being able to look at source code', thereby giving evidence to the point? Everyone: I say 'supposed' because a) The OP has provided no info about his/her claim. b) The OP's original post is a classical troll: blast volunteer developers for not having anticipated and planned for a novel situation; argue against things not said, at least now here, not recently; imply that volunteers own him something. Most people with the expertise to detect a security hole would know better. c) The noise generated because of b) has alerted any malware writers monitering c.l.p for hints about exploitable security holes that there might be one in one of the few modules where such could reasonably be. OP: If my doubts are wrong and you really do have something to quietly report to the 'authority', then do so, and quit making a noise about it. Terry J. Reedy -- http://mail.python.org/mailman/listinfo/python-list