
Security policy: exceptions are not crashes #1849

Open: encukou wants to merge 1 commit into python:main from encukou:exception-is-not-crash

@encukou (Member) commented Jun 30, 2026

This is mostly word nitpicking, but: by "crash" we generally mean a segfault or similar; see Lib/test/crashers for example.
Unhandled exceptions are not crashes, and are not a security concern.

However, since segfaults usually can be weaponized, a “crash resulting from unhandled exception” would be a PSRT issue.

@read-the-docs-community


Documentation build overview

📚 CPython devguide | 🛠️ Build #33373087 | 📁 Comparing 37d9801 against latest (3235043)

  🔍 Preview build  

1 file changed
± security/policy/index.html

@StanFromIreland (Member) left a comment

LGTM, however, can we keep it under availability vulnerabilities?

Comment thread security/policy.rst
This is to avoid handling performance improvements as security vulnerabilities.
Exceptions are an expected part of control flow when processing inputs,
therefore crashes resulting from unhandled exceptions are not security vulnerabilities.

Member Author


@StanFromIreland do you mean keeping it in the previous paragraph?

Suggested change

We can do that, but I think it reads better when it's separate.

Member


I'm +1 for keeping it together, it goes naturally with "Vulnerabilities that affect availability" but I'll leave it up to you.


3 participants