Planning a hotfix Python 3.8.5
Hey team, there are 3 security-related fixes in the 3.8 branch post 3.8.4, one with a CVE, another with a pending CVE if I understood Steve correctly. I'd like to release a hotfix 3.8.5 on Monday.
Since this is a special security-focused release, it will be essentially 3.8.4 + those three changes cherry-picked. That gives us enough confidence about the release that we can skip a release candidate for it.
If you have any other security-related changes you think belong in 3.8, please merge them before Monday 8am CEST.
Cheers, Ł
On 7/16/20 7:36 PM, Łukasz Langa wrote:
Hey team, there are 3 security-related fixes in the 3.8 branch post 3.8.4, one with a CVE, another with a pending CVE if I understood Steve correctly. I'd like to release a hotfix 3.8.5 on Monday.
Since this is a special security-focused release, it will be essentially 3.8.4 + those three changes cherry-picked. That gives us enough confidence about the release that we can skip a release candidate for it.
If you have any other security-related changes you think belong in 3.8, please merge them before Monday 8am CEST.
what about https://bugs.python.org/issue41295 ?
This is marked as a regression compared to 3.8.3.
Matthias
Good call, Matthias. We will include it as long as it's merged before Monday 8am CEST.
- Ł
On 16 Jul 2020, at 20:00, Matthias Klose <doko@ubuntu.com> wrote:
On 7/16/20 7:36 PM, Łukasz Langa wrote:
Hey team, there are 3 security-related fixes in the 3.8 branch post 3.8.4, one with a CVE, another with a pending CVE if I understood Steve correctly. I'd like to release a hotfix 3.8.5 on Monday.
Since this is a special security-focused release, it will be essentially 3.8.4 + those three changes cherry-picked. That gives us enough confidence about the release that we can skip a release candidate for it.
If you have any other security-related changes you think belong in 3.8, please merge them before Monday 8am CEST.
what about https://bugs.python.org/issue41295 ?
This is marked as a regression compared to 3.8.3.
Matthias
On 7/16/20 8:47 PM, Łukasz Langa wrote:
Good call, Matthias. We will include it as long as it's merged before Monday 8am CEST.
what exactly include? Or just revert https://github.com/python/cpython/commit/8912c182455de83e27d5c120639ec91b182... on the 3.8 branch?
- Ł
On 16 Jul 2020, at 20:00, Matthias Klose <doko@ubuntu.com> wrote:
On 7/16/20 7:36 PM, Łukasz Langa wrote:
Hey team, there are 3 security-related fixes in the 3.8 branch post 3.8.4, one with a CVE, another with a pending CVE if I understood Steve correctly. I'd like to release a hotfix 3.8.5 on Monday.
Since this is a special security-focused release, it will be essentially 3.8.4 + those three changes cherry-picked. That gives us enough confidence about the release that we can skip a release candidate for it.
If you have any other security-related changes you think belong in 3.8, please merge them before Monday 8am CEST.
what about https://bugs.python.org/issue41295 ?
This is marked as a regression compared to 3.8.3.
Matthias
On 7/16/2020 1:36 PM, Łukasz Langa wrote:
there are 3 security-related fixes in the 3.8 branch post 3.8.4, one with a CVE, another with a pending CVE if I understood Steve correctly. I'd like to release a hotfix 3.8.5 on Monday.
Since this is a special security-focused release, it will be essentially 3.8.4 + those three changes cherry-picked. That gives us enough confidence about the release that we can skip a release candidate for it.
If you have any other security-related changes you think belong in 3.8, please merge them before Monday 8am CEST.
Please include the much needed one line addition of 'import io' to idlelib.iomenu. See https://bugs.python.org/issue41300 https://github.com/python/cpython/pull/21512 (Testing and backporting and testing in progress.) Its omission from a patch backported July 1 prevents saving files with non-ascii chars in comments and string literals.
Terry Jan Reedy
participants (3)
-
Matthias Klose -
Terry Reedy -
Łukasz Langa