[onerng talk] python-gnupg: switch from Vinay Sajip to Isis Agora Lovecruft version?
ilf
ilf at zeromail.org
Mon Feb 20 10:15:35 GMT 2017
Paul Campbell:
>> Would it be possible to use OneRNG with that newer version from Isis Agora
>> Lovecruft instead of the old one from Vinay Sajip?
> Can someone talk me through the differences? - is it simply a different
> package name?
It's the same name.
But Isis writes:
> Rewrite of Vinay Sajip's python-gnupg, including patches to fix a
> shell injection vulnerability due to unsanitised inputs being passed
> to subprocess.Popen([...], shell=True).
https://github.com/isislovecruft/python-gnupg
--
ilf
Über 80 Millionen Deutsche benutzen keine Konsole. Klick dich nicht weg!
-- Eine Initiative des Bundesamtes für Tastaturbenutzung
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.ourshack.com/pipermail/discuss/attachments/20170220/44288543/attachment.sig>
More information about the Discuss
mailing list