[python-committers] "Gratuitous"? incompatibilities in the "fix only" releases
Guido van Rossum
guido at python.org
Wed Jul 29 19:50:14 CEST 2015
More information about the python-committers mailing list
When in doubt, such discussions should be escalated to python-dev. I don't
know if this one was, though I vaguely recall seeing it discussed
somewhere. Anyway, since it's been released, it should stay in.

On Wed, Jul 29, 2015 at 7:31 PM, Robert Collins <robertc at robertcollins.net> wrote:

> On 30 July 2015 at 05:20, Eric Snow <ericsnowcurrently at gmail.com> wrote:
> >
> > On Jul 29, 2015 11:08 AM, "Robert Collins" <robertc at robertcollins.net>
> > wrote:
> >>
> >> On 30 July 2015 at 04:50, Guido van Rossum <guido at python.org> wrote:
> >> > The more recent Python 2.7 bugfix releases have
> >> > specific exemptions from the backwards compatibility requirements for
> >> > security fixes -- because their lifespan will still be many years (EOL
> >> > of 2.7 is summer 2020).
> >> [snip]
> >> https://docs.python.org/devguide/devcycle.html#security-branches
> >> "...The only changes made to a security branch are those fixing issues
> >> exploitable by attackers such as crashes, privilege escalation and,
> >> optionally, other issues such as denial of service attacks. Any other
> >> changes are not considered a security risk and thus not backported to
> >> a security branch."
> >>
> >> This page doesn't specify the exception for 2.7, and by my poor
> >> reading of it the http issue wouldn't pass muster - but I think it was
> >> appropriate to apply. So I'm confused. Help :).
> >
> > See PEP 466.
> >
> > https://www.python.org/dev/peps/pep-0466/
>
> Thanks - but that doesn't cover the 22928 fix as far as I can tell. It
> explicitly says in fact that it's not carte blanche, and that things
> still need to be discussed....
>
> and I'm still not clear where we should discuss them :)
>
> -Rob
>
> --
> Robert Collins <rbtcollins at hp.com>
> Distinguished Technologist
> HP Converged Cloud

--
--Guido van Rossum (python.org/~guido)