[issue44804] Port fix of "issue44422" to Python3.6.x

Ned Deily report at bugs.python.org
Mon Aug 2 02:42:14 EDT 2021


Ned Deily <nad at python.org> added the comment:

Sorry you are running into this problem. Alas, Python 3.6 has been in the "security-fix-only" phase of its life cycle for over 2.5 years now and will reach end-of-life in several months at the end of 2021. Our criteria for changes to a "security" branch are:
"The only changes made to a security branch are those fixing issues exploitable by attackers such as crashes, privilege escalation and, optionally, other issues such as denial of service attacks. Any other changes are not considered a security risk and thus not backported to a security branch."

The problem referenced here does not seem to meet those criteria and thus the original fix was not considered for backporting to current security branches, i.e. 3.8, 3.7, and 3.6. Unless it can be shown that the problem can be exploited as an attack vector, it is not eligible to be officially backported to 3.6.

However, there is nothing stopping either you or a downstream supplier of Python 3.6 (like RedHat) from backporting it yourselves.

https://devguide.python.org/devcycle/#security-branches

----------
resolution:  -> out of date
stage:  -> resolved
status: open -> closed

_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue44804>
_______________________________________

