[Python-Dev] Python 2.7 patch levels turning two digit (original) (raw)

M.-A. Lemburg mal at egenix.com
Sat Jun 21 12:27:17 CEST 2014

• Previous message: [Python-Dev] PyPy3 2.3.1 released
• Next message: [Python-Dev] Python 2.7 patch levels turning two digit
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

With PEP 466 and the constant flow of OpenSSL security fixes which are currently being handled via Python patch level releases, we will soon reach 2.7.10 and quickly go beyond that (also see http://bugs.python.org/issue21308).

This opens up a potential backwards incompatibility with existing tools that assume the Python release version number to use the "x.y.z" single digit approach, e.g. code that uses sys.version[:5] for the Python version or relies on the lexicographic ordering of the version string (sys.version > '2.7.2').

Some questions we should probably ask ourselves (I've added my thoughts inline):

• Is it a good strategy to ship to Python releases for every single OpenSSL security release or is there a better way to handle these 3rd party issues ?

  I think we should link to the OpenSSL libs dynamically rather than statically in Python 2.7 for Windows so that it's possible to provide drop-in updates for such issues.

• Should we try to avoid two digit patch level release numbers by using some other mechanism such as e.g. a release date after 2.7.9 ?

  Grepping through our code, this will introduce some breakage, but not much. Most older code branches on minor versions, not patch levels. More recent code uses sys.python_info so is not affected.

• Should we make use of the potential breakage with 2.7.10 to introduce a new Windows compiler version for Python 2.7 ?

  I think this would be a good chance to update the compiler to whatever we use for Python 3 at the time.

-- Marc-Andre Lemburg eGenix.com

Professional Python Services directly from the Source (#1, Jun 21 2014)

Python Projects, Consulting and Support ... http://www.egenix.com/ mxODBC.Zope/Plone.Database.Adapter ... http://zope.egenix.com/ mxODBC, mxDateTime, mxTextTools ... http://python.egenix.com/

2014-06-17: Released eGenix PyRun 2.0.0 ... http://egenix.com/go58 2014-06-09: Released eGenix pyOpenSSL 0.13.3 ... http://egenix.com/go57 2014-07-02: Python Meeting Duesseldorf ... 11 days to go

eGenix.com Software, Skills and Services GmbH Pastor-Loeh-Str.48 D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg Registered at Amtsgericht Duesseldorf: HRB 46611 http://www.egenix.com/company/contact/

• Previous message: [Python-Dev] PyPy3 2.3.1 released
• Next message: [Python-Dev] Python 2.7 patch levels turning two digit
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Python-Dev mailing list