Hi,
On Mon, Jul 15, 2013 at 2:08 PM, R. David Murray rdmur...@bitdance.com wrote:
On Mon, 15 Jul 2013 11:09:08 +0300, Michael Foord mich...@voidspace.org.uk
wrote:
On 15 Jul 2013, at 11:05, M.-A. Lemburg m...@python.org wrote:
Who would be the one to contact for issues like these ?
On Mon, 15 Jul 2013 11:09:08 +0300, Michael Foord mich...@voidspace.org.uk
wrote:
On 15 Jul 2013, at 11:05, M.-A. Lemburg m...@python.org wrote:
Who would be the one to contact for issues like these ?
The case is rather urgent, since the XSS can be used for stealing
session cookies
On Mon, Jul 15, 2013 at 9:33 AM, Brett Cannon br...@python.org wrote:
On Mon, Jul 15, 2013 at 8:08 AM, R. David Murray rdmur...@bitdance.comwrote:
On Mon, 15 Jul 2013 11:09:08 +0300, Michael Foord
mich...@voidspace.org.uk wrote:
On 15 Jul 2013, at 11:05, M.-A. Lemburg m...@python.org
On Mon, 15 Jul 2013 08:22:40 -0400, Donald Stufft don...@stufft.io wrote:
So I was able to log in to the nobody account without a password
(Why is this even possible?). It gave me powers to edit users and some
other shit. I added a password to the nobody account since these lists
are publicly
On 2013-07-15 17:16, R. David Murray wrote:
I will make the password available to whoever is in charge, (Or they
can just change the password themselves I don't care).
I think the user should just be retired. My guess is that it dates
from
a time when we were less worried about bad actors
On 15 Jul, 2013, at 18:02, Antoine Pitrou solip...@pitrou.net wrote:
On 2013-07-15 17:16, R. David Murray wrote:
I will make the password available to whoever is in charge, (Or they
can just change the password themselves I don't care).
I think the user should just be retired. My guess is