On 10/01/2012 01:30 PM, "Martin v. Löwis" wrote:
Is there a PEP with end-of-life info?
I had meant to write a PEP on security releases for several years now. Since this still doesn't exist, here is the outline of the procedures that maintainers have agreed upon:
- bug fix releases are made until the next feature release is out (with 2.7 being an exception from that rule)
- security fixes are being provided until 5 years after the initial release of the feature release
- for 2.6, this will be until Oct 1, 2013
- for 3.1, this will be until July 27, 2014
- for 3.2, this will be until Feb 20, 2016 The 5 years horizon is based on requests of system packagers (Linux distributions in particular), who often also have 5-year cycles for long-term support.
- security releases are made whenever maintainers deem it necessary; the two options are
- commit fixes into source repository only, and release whenever enough time has passed, or enough changes have accumulated, or
- release right after a security issue has been resolved Which of these to take depends on the nature of the fix, of course. The former is intended for system packagers of Python - they can incorporate fixes that are official already despite not having been released yet.
I'm not aware of a formal policy for 2.7. I guess it will end its life by BDFL pronouncement; giving it a 5 year bug fix period (which would end on July 3, 2015) seems a bit long to me - I'd favor to stop bug fixing along with the 3.4 release. The last BDFL decision (that I'm aware of) is that 2.7 should be supported "indefinitely", which is not "infinitely".
I've now added lifespan information to the 3.2 and 3.3 release schedule PEPs, perhaps Barry and Benjamin could do the same for 2.6 to 3.1.
Georg