On Sat, 16 Apr 2011 21:32:48 -0500
Brian Curtin
Three weeks after this security vulnerability was *publicly* reported on bugs.python.org, and two days after it was semi-officially announced, I'm still waiting for security updates for my Ubuntu and Debian systems!
I reckon if this had been handled differently (i.e., making new releases and communicating it via the relevant channels [1]), we wouldn't have the situation we have right now.
I don't really think there's a "situation" here, and I fail to see how the development blog isn't one of the relevant channels.
If we want to make official announcements (like releases or security warnings), I don't think the blog is appropriate. A separate announcement channel (mailing-list or newsgroup) would be better, where people can subscribe knowing they will only get a couple of e-mails a year. Regards Antoine.