[Python-Dev] 2.5.2 release coming up (original) (raw)
Steve Holden steve at holdenweb.com
Wed Jan 23 21:49:51 CET 2008
- Previous message: [Python-Dev] 2.5.2 release coming up
- Next message: [Python-Dev] 2.5.2 release coming up
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Guido van Rossum wrote:
On Jan 23, 2008 12:25 PM, Steve Holden <steve at holdenweb.com> wrote:
Giampaolo Rodola' wrote:
Also, nothing should go into the 2.4 branch any more except important security patches. ^^^^^^^^^ http://bugs.python.org/issue1745035 I guess this one should concern both 2.4 and 2.5 branches.
Egregious though the error may be I can't myself see that a complete new release is justified simply to include a four-line patch in a single (not often-used?) module. If it were a buffer overflow it might be different (but that would pretty much have to involve a C component). Couldn't we just publicize the patch? I can't bring myself to believe that 1745035 is really "important" enough. It should go into 2.5 for sure. It should go into 2.4 at the discretion of the release manager. We are considering a pure-security-fixes source-only release of 2.4 (I wasn't 100% clear on that in my first mail in this thread). IMO DoS vulnerabilities are rarely worth getting excited about, unless they have the potential of bringing down a significant portion of the internet. This one doesn't. Yes. There has to be a 2.5.2 release and there's no reason to exclude it from that.
regards Steve
Steve Holden +1 571 484 6266 +1 800 494 3119 Holden Web LLC http://www.holdenweb.com/
- Previous message: [Python-Dev] 2.5.2 release coming up
- Next message: [Python-Dev] 2.5.2 release coming up
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]