On 7/16/2020 1:36 PM, Łukasz Langa wrote:
there are 3 security-related fixes in the 3.8 branch post 3.8.4, one with a CVE, another with a pending CVE if I understood Steve correctly. I'd like to release a hotfix 3.8.5 on Monday.
Since this is a special security-focused release, it will be essentially 3.8.4 + those three changes cherry-picked. That gives us enough confidence about the release that we can skip a release candidate for it.
If you have any other security-related changes you think belong in 3.8, please merge them before Monday 8am CEST.
Please include the much needed one line addition of 'import io' to idlelib.iomenu. See https://bugs.python.org/issue41300 https://github.com/python/cpython/pull/21512 (Testing and backporting and testing in progress.) Its omission from a patch backported July 1 prevents saving files with non-ascii chars in comments and string literals.
Terry Jan Reedy