This issue tracker has been migrated to GitHub ,
and is currently read-only.
For more information,
see the GitHub FAQs in the Python's Developer Guide.
Created on 2010年06月28日 17:25 by techtonik, last changed 2022年04月11日 14:57 by admin. This issue is now closed.
| Files | ||||
|---|---|---|---|---|
| File name | Uploaded | Description | Edit | |
| picklesec.patch | bytbox, 2010年07月19日 03:51 | Patch | review | |
| Messages (8) | |||
|---|---|---|---|
| msg108847 - (view) | Author: anatoly techtonik (techtonik) | Date: 2010年06月28日 17:25 | |
Pickle warning about insecurity is located only at the second page near the bottom of "Relationship to other Python modules" chapter. For me the proper place for it is the first page of documentation. |
|||
| msg108848 - (view) | Author: Alexander Belopolsky (belopolsky) * (Python committer) | Date: 2010年06月28日 17:34 | |
See also issue8855. I believe Anatoly refers to http://docs.python.org/py3k/library/pickle.html I agree, the warning can be moved up so that it is visible on the first page in typical rendering. Note that there is also http://docs.python.org/py3k/tutorial/inputoutput.html#the-pickle-module which contains no warning at all. |
|||
| msg108851 - (view) | Author: anatoly techtonik (techtonik) | Date: 2010年06月28日 18:30 | |
Also http://docs.python.org/library/pickle.html http://docs.python.org/library/logging.html#sending-and-receiving-logging-events-across-a-network and http://mail.python.org/pipermail/python-dev/2010-June/101179.html The link to Nadia blog is also very helpful for investigation of pickle problems http://nadiana.com/python-pickle-insecure |
|||
| msg110711 - (view) | Author: Scott Lawrence (bytbox) | Date: 2010年07月19日 03:51 | |
Patch warning in relevant places of pickle's vulnerability to insecure data, including the place referenced by issue8855. |
|||
| msg110712 - (view) | Author: Alexander Belopolsky (belopolsky) * (Python committer) | Date: 2010年07月19日 03:58 | |
LGTM Unless someone objects, I will check that the patch generates reasonable HTML and apply. |
|||
| msg110769 - (view) | Author: Alexander Belopolsky (belopolsky) * (Python committer) | Date: 2010年07月19日 15:57 | |
The patch does not apply to py3k. Also, when you generate patches please do so from the root directory of the branch. For example, tutorial/inputoutput.rst should be patched as Doc/tutorial/inputoutput.rst. Thanks. |
|||
| msg113198 - (view) | Author: Terry J. Reedy (terry.reedy) * (Python committer) | Date: 2010年08月07日 20:28 | |
FWIW, I agree too. The current location is a bit odd. |
|||
| msg118925 - (view) | Author: Georg Brandl (georg.brandl) * (Python committer) | Date: 2010年10月17日 10:26 | |
Moved pickle warning in r85621. A warning in shelve was already added for issue8855. For the tutorial, I don't think a warning needs to be added. Same goes for logging. |
|||
| History | |||
|---|---|---|---|
| Date | User | Action | Args |
| 2022年04月11日 14:57:02 | admin | set | github: 53351 |
| 2010年10月17日 10:26:07 | georg.brandl | set | status: open -> closed nosy: + georg.brandl messages: + msg118925 |
| 2010年08月07日 20:28:49 | terry.reedy | set | nosy:
+ terry.reedy messages: + msg113198 |
| 2010年08月07日 20:27:48 | terry.reedy | set | versions: + Python 3.1, - Python 2.6 |
| 2010年07月28日 16:46:43 | belopolsky | set | nosy:
+ BreamoreBoy |
| 2010年07月19日 15:57:23 | belopolsky | set | messages: + msg110769 |
| 2010年07月19日 03:58:04 | belopolsky | set | assignee: docs@python -> belopolsky resolution: accepted messages: + msg110712 stage: needs patch -> commit review |
| 2010年07月19日 03:51:25 | bytbox | set | files:
+ picklesec.patch nosy: + bytbox messages: + msg110711 keywords: + patch |
| 2010年06月28日 18:30:14 | techtonik | set | messages: + msg108851 |
| 2010年06月28日 17:34:47 | belopolsky | set | nosy:
+ belopolsky messages: + msg108848 keywords: + easy type: enhancement stage: needs patch |
| 2010年06月28日 17:25:54 | techtonik | create | |