[python-committers] Python 3.3.7 release schedule and end-of-life

Brett Cannon brett at python.org
Sun Jul 16 17:15:00 EDT 2017 

A quick thanks from me, Ned, for stepping forward to help 3.3 pine for the
fjords.

On Sat, Jul 15, 2017, 14:51 Ned Deily, <nad at python.org> wrote:

> Python 3.3 is fast approaching its end-of-life date, 2017-09-29.  Per our
> release policy, that date is five years after the initial release of 3.3,
> 3.3.0 final on 2012-09-29.  Note that 3.3 has been in security-fix only
> mode since the 2014-03-08 release of 3.3.5.  It has been a while since we
> produced a 3.3.x security-fix release and, due to his commitments
> elsewhere, Georg has agreed for me to lead 3.3 to its well-deserved
> retirement.
>
> To that end, I would like to schedule its next, and hopefully final,
> security-fix release to coincide with the already announced 3.4.7
> security-fix release. In particular, we'll plan to tag and release 3.3.7rc1
> on Monday 2017-07-24 (UTC) and tag and release 3.3.7 final on Monday
> 2017-08-07.  In the coming days, I'll be reviewing the outstanding 3.3
> security issues and merging appropriate 3.3 PRs.  Some of them have been
> sitting as patches for a long time so, if you have any such security issues
> that you think belong in 3.3, it would be very helpful if you would review
> such patches and turn them into 3.3 PRs.
>
> As a reminder, here are the guidelines from the devguide as to what is
> appropriate for a security-fix only branch:
>
> "The only changes made to a security branch are those fixing issues
> exploitable by attackers such as crashes, privilege escalation and,
> optionally, other issues such as denial of service attacks. Any other
> changes are not considered a security risk and thus not backported to a
> security branch. You should also consider fixing hard-failing tests in open
> security branches since it is important to be able to run the tests
> successfully before releasing."
>
> Note that documentation changes, other than any that might be related to a
> security fix, are also out of scope.
>
> Assuming no new security issues arise prior to the EOL date, 3.3.7 will
> likely be the final release of 3.3.  And you really shouldn't be using 3.3
> at all at this point; while downstream distributors are, of course, free to
> provide support of 3.3 to their customers, in a little over two months when
> EOL is reached python-dev will no longer accept any issues or make any
> changes available for 3.3.  If you are still using 3.3, you really owe it
> to your applications, to your users, and to yourself to upgrade to a more
> recent release of Python 3, preferably 3.6!  Many, many fixes, new
> features, and substantial performance improvements await you.
>
> https://www.python.org/dev/peps/pep-0398/
> https://devguide.python.org/devcycle/#security-branches
>
> --
>   Ned Deily
>   nad at python.org -- []
>
> _______________________________________________
> python-committers mailing list
> python-committers at python.org
> https://mail.python.org/mailman/listinfo/python-committers
> Code of Conduct: https://www.python.org/psf/codeofconduct/
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/python-committers/attachments/20170716/0eb5b1ca/attachment.html>

More information about the python-committers mailing list