[python-committers] "Gratuitous"? incompatibilities in the "fix only" releases
Eric Snow
ericsnowcurrently at gmail.com
Wed Jul 29 19:20:43 CEST 2015
On Jul 29, 2015 11:08 AM, "Robert Collins" <robertc at robertcollins.net> wrote:
>
> On 30 July 2015 at 04:50, Guido van Rossum <guido at python.org> wrote:
> > The more recent Python 2.7 bugfix releases have
> > specific exemptions from the backwards compatibility requirements for
> > security fixes -- because their lifespan will still be many years (EOL of
> > 2.7 is summer 2020).
> [snip]
> https://docs.python.org/devguide/devcycle.html#security-branches
> "...The only changes made to a security branch are those fixing issues
> exploitable by attackers such as crashes, privilege escalation and,
> optionally, other issues such as denial of service attacks. Any other
> changes are not considered a security risk and thus not backported to
> a security branch."
>
> This page doesn't specify the exception for 2.7, and by my poor
> reading of it the http issue wouldn't pass muster - but I think it was
> appropriate to apply. So I'm confused. Help :).
See PEP 466.
https://www.python.org/dev/peps/pep-0466/
-eric