[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: RFS: zodbpickle/0.6.0-1 [ITP]

Le 04/27/17 à 06:08, Paul Wise a écrit :
> On Fri, 9 Dec 2016 21:24:48 +0100 Julien Muchembled wrote:
>>     python-zodbpickle - Fork of pickle module, for ZODB
> If this enters Debian, please make sure that you notify the security
> team to update their embedded-code-copies file, which tracks both
> embedded copies and forks of projects.
> https://wiki.debian.org/EmbeddedCodeCopies

python-zodbpickle has just entered Debian and as planned, I suggest to update embedded-code-copies because this package forks the 'pickle' modules of Python 2.7.6 and 3.3.2

For Python 2:

        - zodbpickle <unknown> (embed)
        NOTE: embeds stdlib modules: pickle, cpickle

I am surprised to see no entry for any version of Python 3. Maybe start one with python3.6

However, given the warning at the top of https://docs.python.org/3/library/pickle.html
I am not sure it's useful to bother about the security of this code.

And unfortunately, the many changes in Python are not merged into zodbpickle.


Attachment: signature.asc
Description: OpenPGP digital signature

Reply to: