On 9/10/20 12:40 PM, Michał Górny wrote:
> I've filed two MRs for a start:
> https://foss.heptapod.net/pypy/pypy/-/merge_requests/752
> https://foss.heptapod.net/pypy/pypy/-/merge_requests/753
>
> Could you please let me know if that approach is ok? If so, I'll tackle the remaining vulnerabilities (around 6 patches FWICS).

Thanks. Could you add comments in each patched chunk of each PR that will allow us to track how the code diverged? Something like "added manually to resolve bpo xxx". I am concerned this will make an eventual update to the stdlib difficult.

MR753 is quite invasive. Are all the other patches against the same single file? Maybe a different strategy would be to adopt the file and tests as-is from the HEAD of the CPython branch, as long as no user-facing APIs change.

It would be nice to make similar PRs against default (python2.7) in lib-python/2.7 on that branch.

Matti