[Python-Dev] Python 2.7 patch levels turning two digit (original) (raw)
"Martin v. Löwis" martin at v.loewis.de
Mon Jun 23 08:09:32 CEST 2014
- Previous message: [Python-Dev] Python 2.7 patch levels turning two digit
- Next message: [Python-Dev] Python 2.7 patch levels turning two digit
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
* Is it a good strategy to ship to Python releases for every single OpenSSL security release or is there a better way to handle these 3rd party issues ?
At least for Windows, a new release certainly needs to be made. It could be possible to produce MSI patch files, but this would still be a new release.
I think we should link to the OpenSSL libs dynamically rather than statically in Python 2.7 for Windows so that it's possible to provide drop-in updates for such issues.
It is possible to provide drop-in updates regardless of whether the OpenSSL libs are dynamically linked, as the _ssl module itself is a dynamic lib.
* Should we try to avoid two digit patch level release numbers by using some other mechanism such as e.g. a release date after 2.7.9 ?
If it was for me, then yes, certainly: the development of 2.7 should just stop :-)
* Should we make use of the potential breakage with 2.7.10 to introduce a new Windows compiler version for Python 2.7 ?
Assuming it is a good idea to continue producing Windows binaries for 2.7, I think it would be a bad idea to switch compilers. It will cause severe breakage of 2.7 installations, much more problematic than switching to two-digit version numbers.
Regards, Martin
- Previous message: [Python-Dev] Python 2.7 patch levels turning two digit
- Next message: [Python-Dev] Python 2.7 patch levels turning two digit
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]