[Python-Dev] 2.5.2 release coming up

Steve Holden steve at holdenweb.com
Wed Jan 23 21:49:51 CET 2008


Guido van Rossum wrote:
> On Jan 23, 2008 12:25 PM, Steve Holden <steve at holdenweb.com> wrote:
>> Giampaolo Rodola' wrote:
>>>> Also, *nothing* should go into the 2.4 branch any more *except*
>>>> important security patches.
>>     ^^^^^^^^^
>>> http://bugs.python.org/issue1745035
>>> I guess this one should concern both 2.4 and 2.5 branches.
>>>
>> Egregious though the error may be I can't myself see that a complete new
>> release is justified simply to include a four-line patch in a single
>> (not often-used?) module. If it were a buffer overflow it might be
>> different (but that would pretty much have to involve a C component).
>>
>> Couldn't we just publicize the patch? I can't bring myself to believe
>> that 1745035 is really "important" enough.
> 
> It should go into 2.5 for sure. It should go into 2.4 at the
> discretion of the release manager. We *are* considering a
> pure-security-fixes source-only release of 2.4 (I wasn't 100% clear on
> that in my first mail in this thread).
> 
> IMO DoS vulnerabilities are rarely worth getting excited about, unless
> they have the potential of bringing down a significant portion of the
> internet. This one doesn't.
> 
Yes. There has to be a 2.5.2 release and there's no reason to exclude it 
from that.

regards
  Steve
-- 
Steve Holden        +1 571 484 6266   +1 800 494 3119
Holden Web LLC              http://www.holdenweb.com/

