[Python-Dev] [python-committers] Proposed release schedule for Python 3.5.4 (original) (raw)

Victor Stinner victor.stinner at gmail.com
Thu Jun 22 04:04:01 EDT 2017

For 3.4, please review my pending security fixes :-) There are more of them.

About the cipher list in ssl, the change itself is simple but it's to blacklist DES and 3DES since it has been proved that these ciphers are really too weak nowadays: http://python-security.readthedocs.io/vuln/cve-2016-2183_sweet32_attack_des_3des.html

By the way, is Larry the only one to be able to merge changes in 3.4? Before GitHub, all core dev were technically allowed to push in security-only branches.

I would be interested to be allowed to push my own security fixes, but also to enable Travis CI and maybe AppVeyor on the 3.4 and 3.3 branches.

Victor

Le 22 juin 2017 04:58, "Larry Hastings" <larry at hastings.org> a écrit :

It's time to start planning the next 3.5 release, 3.5.4. Note that this will be the last 3.5 "bugfix" release; after 3.5.4, the 3.5 branch will only be open for security fixes. 3.5.4 will also be the last release of 3.5 with binary installers. I propose to tag and release 3.5.4 on these dates: 3.5.4rc1 tag Sat July 22 2017 release Sun July 23 2017 3.5.4 final tag Sun Aug 6 2017 release Mon Aug 7 2017 Thus rc1 would be tagged in just over four weeks. As for 3.4-- Lately I've been releasing new versions of 3.5 and 3.4 at the same time. But I'm not sure it's worth the effort to release another 3.4 right now. There have only been two (2) checkins into the 3.4 branch since 3.4.6 was released back in January: f37b0cb230069481609b0bb06891b5dd26320504 bpo-25008: Deprecate smtpd and point to aiosmtpd fa53dbdec818b0f2a0e22ca12a49d83ec948fc91 Issues #27850 and #27766: Remove 3DES from ssl default cipher list and add ChaCha20 Poly1305. The first was a documentation-only change which is already live on docs.python.org. The second changes the DEFAULTCIPHERS and RESTRICTEDSERVERCIPHERS constants in Lib/ssl.py. A reasonable change, but minor. I'm not convinced it's worth spending the time of many people in the community at large to update 3.4 just for this. If you have any feedback / concerns about this schedule, or if you think it's important that I release 3.4.7 with these minor changes, please reply here. If I don't hear anything back in a day or two I'll go ahead and make this the official schedule. Your friendly neighborhood release manager, /arry

python-committers mailing list python-committers at python.org https://mail.python.org/mailman/listinfo/python-committers Code of Conduct: https://www.python.org/psf/codeofconduct/ -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mail.python.org/pipermail/python-dev/attachments/20170622/bd1dc069/attachment.html>

More information about the Python-Dev mailing list