[python-committers] "Gratuitous"? incompatibilities in the "fix only" releases
R. David Murray
rdmurray at bitdance.com
Thu Jul 30 01:24:55 CEST 2015
More information about the python-committers mailing list
On Thu, 30 Jul 2015 00:11:53 +0200, Jesus Cea <jcea at jcea.es> wrote:
> On 29/07/15 18:50, Guido van Rossum wrote:
> > I believe that in this particular case, the bug was fixed (by tightening
> > the requirements for headers) because the bug can lead to security
> > vulnerabilities. I think you can find more by Googling for keywords like
> > "http header injection". The more recent Python 2.7 bugfix releases have
> > specific exemptions from the backwards compatibility requirements for
> > security fixes -- because their lifespan will still be many years (EOL
> > of 2.7 is summer 2020).
>
> That argument is valuable but it fails when considering that this fix
> will be present in 3.4.4 too, with a normal EOL. I am OK with that,
> though. As I said, I sent my first message for policy verification and
> to raise awareness.

No, the security bug fix conditional exception applies to all maintenance
releases. The big (PEP required) exception for 2.7 was that the *API*
changed in 2.7 in certain ways.

--David