"slippery Zips and Sticky Tar-Pits" From Python's Security Dev Seth Larson [pdf]

Postedabout 2 months ago

AlSweigart

2 points

1 comments

alpha-omega.devTechstory

supportivepositive

Debate

0/100

Python SecurityArchive FormatsVulnerability Remediation

Key topics

Python Security

Archive Formats

Vulnerability Remediation

The Python Software Foundation's Security Developer-in-Residence, Seth Larson, published a white paper on security vulnerabilities in common archive formats like ZIP and tar, and the community is sharing and acknowledging the work.

Snapshot generated from the HN discussion

Discussion Activity

Light discussion

First comment

N/A

Peak period

Start

Avg / period

Key moments

01Story posted
Nov 12, 2025 at 12:56 PM EST
about 2 months ago
Step 01
02First comment
Nov 12, 2025 at 12:56 PM EST
0s after posting
Step 02
03Peak activity
1 comments in Start
Hottest window of the conversation
Step 03
04Latest activity
Nov 12, 2025 at 12:56 PM EST
about 2 months ago
Step 04

Generating AI Summary...

Analyzing up to 500 comments to identify key contributors and discussion patterns

Discussion (1 comments)

Showing 1 comments

AlSweigartAuthor

about 2 months ago

The Python Software Foundation Security Developer-in-Residence, Seth Larson, published a new white paper with Alpha-Omega titled "Slippery ZIPs and Sticky tar-pits: Security & Archives" about work to remediate 10 vulnerabilities affecting common archive format implementations such as ZIP and tar for critical Python projects.

PDF link: https://alpha-omega.dev/wp-content/uploads/sites/22/2025/10/...

PSF Blog: https://pyfound.blogspot.com/2025/10/slippery-zips-and-stick...

Alpha-Omega.dev: https://alpha-omega.dev/blog/slippery-zips-and-sticky-tar-pi...

View full discussion on Hacker News

ID: 45903343Type: storyLast synced: 11/17/2025, 6:02:33 AM

Want the full context?

Jump to the original sources

Read the primary article or dive into the live Hacker News thread when you're ready.

Open link View on HN