[Python-Dev] Draft PEP: Maintenance of Python Releases

Barry Warsaw barry at python.org
Mon May 14 17:45:24 CEST 2007



On May 14, 2007, at 11:32 AM, Stephen J. Turnbull wrote:

> In general, I recognize the burden on the release engineer, and
> obviously any burdensome policy needs his OK.  But I think the policy
> should be *effective* too, and I just don't see that a policy that
> allows such long lags is a more effective security response than a
> policy that says "the tarballs are deprecated due to security fixes;
> get your Python by importing the branch, not by fetching a tarball."

Like many other activities we do, if we find ourselves blocking  
because of resource constraints, we should recruit additional  
volunteers to reduce the load on any one person.  Anthony does a  
masterful job as release manager, but maybe he would rather someone  
else perform security releases.  (It's not a bad idea anyway so that  
others have experience doing releases too.)

We should decide what's right for security releases and then assess  
whether we need to recruit in order to perform that activity the way  
we want to.

-Barry


