[libvirt] [sandbox PATCH 01/11] Add virt-sandbox-image
agx at sigxcpu.org
Fri Jul 31 10:00:40 UTC 2015
On Fri, Jul 31, 2015 at 09:42:16AM +0100, Daniel P. Berrange wrote:
> On Fri, Jul 31, 2015 at 09:15:13AM +0200, Guido Günther wrote:
> > On Thu, Jul 23, 2015 at 03:57:27PM +0000, Eren Yagdiran wrote:
> > [..snip..]
> > > +def get_url(server, path, headers):
> > > + url = "https://" + server + path
> > > + debug(" Fetching %s..." % url)
> > > +
> > > + req = urllib2.Request(url=url)
> > This does not seem to do any certificate validation (just in case this
> > ends up in a distro's /usr/bin/ I can already see the CVE forthcoming).
> IIUC, with latest python2/3 urllib2 will now do certificate
> validation by default for https urls.
Ahh...since last November. Thanks for pointing this out! Should we then
at least check if python is recent enough?
More information about the libvir-list