On 30 July 2015 at 05:20, Eric Snow ericsnowcurrently@gmail.com wrote:
On Jul 29, 2015 11:08 AM, "Robert Collins" robertc@robertcollins.net wrote:
On 30 July 2015 at 04:50, Guido van Rossum guido@python.org wrote:
The more recent Python 2.7 bugfix releases have specific exemptions from the backwards compatibility requirements for security fixes -- because their lifespan will still be many years (EOL of 2.7 is summer 2020).
[snip]
https://docs.python.org/devguide/devcycle.html#security-branches
"...The only changes made to a security branch are those fixing issues exploitable by attackers such as crashes, privilege escalation and, optionally, other issues such as denial of service attacks. Any other changes are not considered a security risk and thus not backported to a security branch."
This page doesn't specify the exception for 2.7, and by my poor reading of it the http issue wouldn't pass muster - but I think it was appropriate to apply. So I'm confused. Help :).
See PEP 466.
Thanks - but that doesn't cover the 22928 fix as far as I can tell. It explicitly says in fact that it's not carte blanche, and that things still need to be discussed....
and I'm still not clear where we should discuss them :)
-Rob
-- Robert Collins rbtcollins@hp.com Distinguished Technologist HP Converged Cloud