![](https://secure.gravatar.com/avatar/ebf132362b622423ed5baca2988911b8.jpg?s=120&d=mm&r=g)
On Jul 30, 2013, at 2:19 AM, Antoine Pitrou <solipsis@pitrou.net> wrote:
Noah Kantrowitz <noah <at> coderanger.net> writes:
The whole python.org infrastructure is built on an OS kernel written by someone who thinks security issues are normal bugs. AFAIK there is no plan to switch to OpenBSD.
This is news to me, we specifically run Ubuntu LTS because Canonical's security response team has a proven track record of handling issues. If you mean that Linus doesn't handle security issues well, then it is fortunate indeed that we don't actually use his software.
Did you already forget what the discussion is about? Security/bugfix Ubuntu LTS updates don't break compatibility for the sake of hardening things, which is the whole point.
Well for one PyPI doesn't have releases so there is no LTS or not LTS, it's just what's being served so there's no simple place to break backwards compatibility. As far as forgetting what's being discussed here then it sounds like you've apparently missed the fact I already conceded the change to MD5 and further more this thread was explicitly split off from the MD5 request because, as far as I can tell, Holger wanted to discuss the broader topic of compatibility in general and not just specific to this particular issue.
(As for the idea that using "Canonical's kernel" amounts to not using "Linus' software", that's a rather unorthodox notion of authorship. It's very likely Canonical doesn't change more than 1% LOC in the kernel, so you're still bound to Linus' decisions for at least 99% of the code - and even probably for the remaining 1%, since Canonical's version won't be massively divergent.)
Regards
Antoine.
_______________________________________________ Distutils-SIG maillist - Distutils-SIG@python.org http://mail.python.org/mailman/listinfo/distutils-sig
----------------- Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA