[Python-Dev] PEP 466: Proposed policy change for handling network security enhancements

Nick Coghlan ncoghlan at gmail.com
Sun Mar 23 00:24:59 CET 2014


On 23 March 2014 07:32, Benjamin Peterson <benjamin at python.org> wrote:
> On Sat, Mar 22, 2014, at 14:11, Nick Coghlan wrote:
>> Folks,
>>
>> I have just posted a proposal to change the way we treat enhancements
>> that relate to Python's support for network security enhancements.
>
> I think the PEP should also address "security-mode" releases. Do the
> same exceptions apply?
>
> Does anyone really want to backport features to Python 3.1?

As I see it, RHEL is the primary culprit for people still caring about
Python 2.6. With the RHEL7 beta published late last year and hence
CentOS 7 and RHEL 7 itself presumably landing well before Python 2.7
enters security fix only mode, I think it's OK to leave this aspect in
the hands of the distro vendors and other commercial redistributors.
We create the problem, we can bear the cost of dealing with it on
behalf of our users.

In Red Hat's specific case, we're also finally starting to offer users
better solutions that make it easier to switch to a newer language
runtime without having to upgrade the entire underlying OS or run in
an unsupported configuration. In the longer term, this will hopefully
mean that the expectation for upstream projects to maintain
compatibility with the system Python in RHEL will become limited to
just those projects that we actually include as part of the distro.

However, I agree the PEP needs to have a dedicated section discussing
security fix only releases.

Regards,
Nick.

-- 
Nick Coghlan   |   ncoghlan at gmail.com   |   Brisbane, Australia

