
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On May 15, 2007, at 12:55 AM, Martin v. Löwis wrote:
I don't think I can be more plain than that: yes, I do not take security seriously enough to release security fixes for old Python versions more than once a year. As a user, it's easy to demand things, and people really have to learn that in open source, all things are done by volunteers, and that demanding gets you nowhere. To get a better service, somebody really has to volunteer and offer it.
I've volunteered, and I contend that this community is big enough that we can recruit more people if necessary. So the question really comes down to what is in the best interest of Python. If resources weren't an issue, would you still say that doing security releases once a year is enough? If so, and if that represents the consensus of the community, then that's what we'll do.
- -Barry