[Distutils] a plea for backward-compatibility / smooth transitions

Donald Stufft donald at stufft.io
Tue Jul 30 08:38:32 CEST 2013 

On Jul 30, 2013, at 2:19 AM, Antoine Pitrou <solipsis at pitrou.net> wrote:

> Noah Kantrowitz <noah <at> coderanger.net> writes:
>>> The whole python.org infrastructure is built on an OS kernel written by
> someone
>>> who thinks security issues are normal bugs. AFAIK there is no plan to
> switch to
>>> OpenBSD.
>> 
>> This is news to me, we specifically run Ubuntu LTS because Canonical's
> security response team has a proven
>> track record of handling issues. If you mean that Linus doesn't handle
> security issues well, then it is
>> fortunate indeed that we don't actually use his software.
> 
> Did you already forget what the discussion is about?
> Security/bugfix Ubuntu LTS updates don't break compatibility for the sake of
> hardening 
> things, which is the whole point.

Well for one PyPI doesn't have releases so there is no LTS or not LTS, it's just
what's being served so there's no simple place to break backwards compatibility.

As far as forgetting what's being discussed here then it sounds like you've apparently
missed the fact I already conceded the change to MD5 and further more this thread
was explicitly split off from the MD5 request because, as far as I can tell, Holger
wanted to discuss the broader topic of compatibility in general and not just specific
to this particular issue.

> 
> (As for the idea that using "Canonical's kernel" amounts to not using "Linus'
> software", that's a rather unorthodox notion of authorship. It's very likely
> Canonical
> doesn't change more than 1% LOC in the kernel, so you're still bound to Linus'
> decisions for at least 99% of the code - and even probably for the remaining 1%,
> since Canonical's version won't be massively divergent.)
> 
> Regards
> 
> Antoine.
> 
> 
> _______________________________________________
> Distutils-SIG maillist  -  Distutils-SIG at python.org
> http://mail.python.org/mailman/listinfo/distutils-sig


-----------------
Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://mail.python.org/pipermail/distutils-sig/attachments/20130730/30c1b923/attachment.pgp>

More information about the Distutils-SIG mailing list