[Python-Dev] 2.3.6 for the unicode buffer overrun
Barry Warsaw
barry at python.org
Thu Oct 12 17:36:37 CEST 2006
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Oct 12, 2006, at 4:08 AM, Anthony Baxter wrote:
> I've had a couple of queries about whether PSF-2006-001 merits a
> 2.3.6.
> Personally, I lean towards "no" - 2.4 was nearly two years ago now.
> But I'm
> open to other opinions - I guess people see the phrase "buffer
> overrun" and
> they get scared.
>
> Plus once 2.4.4 final is out next week, I'll have cut 12 releases
> since
> March. Assuming a 2.5.1 before March (very likely) that'll be 14
> releases
> in 12 months. 16 releases in 12 months would just about make me go
> crazy.
I've offered in the past to dust off my release manager cap and do a
2.3.6 release. Having not done one in a long while, the most
daunting part for me is getting the website updated, since I have
none of those tools installed.
I'm still willing to do a 2.3.6, though the last time this came up
the response was too underwhelming to care. I'm not sure this
advisory is enough to change people's minds about that -- I'm sure
any affected downstream distro is fully capable of patching and re-
releasing their own packages. Since this doesn't affect the
binaries /we/ release, I'm not sure I care enough either.
- -Barry
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (Darwin)
iQCVAwUBRS5hD3EjvBPtnXfVAQIlLgP/Rz5ahaeus0VLJT0HmyZUYBf07Crr2e1K
KgCoEDqXZq+LyF7B8bqokXZ4uFisBbQTREM3d+8vYEHC9kcQpt0FurkSFc47G0gj
rJvm0XbGkhXFGdPqrTwUoT033f/bhabpEILDkNJx6bB+Jk5G23EyTKRRDB531QvY
qC6ttgGRfVA=
=dECg
-----END PGP SIGNATURE-----
More information about the Python-Dev
mailing list