[python-committers] [Python-Dev] next beta

Barry Warsaw barry at python.org
Thu Aug 14 06:14:07 CEST 2008

Previous message: [python-committers] [Python-Dev] next beta
Next message: [python-committers] [Python-Dev] next beta
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Aug 13, 2008, at 7:33 PM, Martin v. Löwis wrote:

>>> Because there won't typically be sufficient testing and release
>>> infrastructure to allow arbitrary bug fixes to be committed on the
>>> branch. The buildbots are turned off, and nobody tests the release
>>> candidate, no Windows binaries are provided - thus, chances are very
>>> high that a bug fix release for some very old branch will be *worse*
>>> than the previous release, rather than better.
>>
>> Why is that qualitatively different than a security fix?  All the  
>> same
>> conditions apply.
>
> No. The problem being fixed is completely different. For a security  
> fix,
> it is typically fairly obvious what the bug being fixed is (in
> particular, if you look at the recent ones dealing with overflows):  
> the
> interpreter crashes without the patch, and stops crashing (but raises
> an exception instead) with the patch.

That's true of a certain class of bugs, probably mostly in the C  
code.  I think potential security bugs in Python code will be closer  
to "regular" bug fixes.

>> I'm glad it wasn't much effort.  Would you propose using  
>> technological
>> means to close the branch?
>
> They are still open for security patches (well, 2.4 is; under my
> proposed policy, 2.3 isn't anymore). If people think it's desirable,
> we could rename the branch, or we could enforce a certain keyword
> (e.g. "security") in the commit messages.

I was thinking about preventing commits on the branch.  Most security  
fixes of the type you describe come in through the psrt, and they may  
even be embargoed.  For a closed branch, you'd open it for the  
security patches when the embargo is lifted, make the commits, then  
close it again.  That would at least be a very strong clue that the  
branch is closed :).

- -Barry

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (Darwin)

iQCVAwUBSKOxEHEjvBPtnXfVAQLnDwP/SxtyECt++5uvFKdwIkop7xP2tyLy7IBW
sigKb7WOvVH/Iiz16xf7zdEuXqsV1h59QvPDCzwk8/6VTggjbfhZ9qt+PdwlClzL
cbc1JFI0DSDQ8tVOiPtJhsvvAhXMAlZI5FmMRxp77Cc3y9JUwczxzIP2fXw4IvUQ
K6WO3bLbY5s=
=USCq
-----END PGP SIGNATURE-----

Previous message: [python-committers] [Python-Dev] next beta
Next message: [python-committers] [Python-Dev] next beta
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the python-committers mailing list