Bastian Kleineidam writes: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hi, > > I just read this Post from Guido van Rossum[1] that the rexec.py and > Bastian.py modules have severe security flaws. These modules will be > disabled in the next 2.2 and 2.3 releases to avoid security risks. > [1] > http://groups.google.com/groups?selm=mailman.1041875417.12807.clpa-moderators%40python.org > > I suggest to disable the above two modules in python2.2 (which is in > woody), even if existing applications can break. What do you think?
as long as the upgrade situation is not resolved (new versions in security and woody-proposed-updates), an upload does not make any sense. what about providing a patch to _ask_ the user, if the two modules should be installed? (no, I don't write it).
