[Python-Dev] Releases for recent security vulnerability

Antoine Pitrou solipsis at pitrou.net
Sun Apr 17 13:48:56 CEST 2011


On Sat, 16 Apr 2011 21:32:48 -0500
Brian Curtin <brian.curtin at gmail.com> wrote:
> > Three weeks after this security vulnerability was *publicly* reported on
> > bugs.python.org, and two days after it was semi-officially announced,
> > I'm still waiting for security updates for my Ubuntu and Debian systems!
> >
> > I reckon if this had been handled differently (i.e., making new releases
> > and communicating it via the relevant channels [1]), we wouldn't have
> > the situation we have right now.
> 
> 
> I don't really think there's a "situation" here, and I fail to see how the
> development blog isn't one of the relevant channels.

If we want to make official announcements (like releases or security
warnings), I don't think the blog is appropriate. A separate
announcement channel (mailing-list or newsgroup) would be better, where
people can subscribe knowing they will only get a couple of e-mails a
year.

Regards

Antoine.



