On May 12, 2007, at 4:29 AM, Martin v. Löwis wrote:
> This PEP attempts to formalize the existing practice, but goes beyond it in introducing security releases. The addition of security releases addresses various concerns I heard over the last year about Python being short-lived. Those concerns are typically raised by Linux distributors which see that they have to maintain Python releases much longer than python-dev does, and are now concerned about the manpower and Python expertise they need.
Martin, I like this PEP; it addresses the issues I was trying to get at with my initial posting[1]. Stephen brings up some interesting points which I'll comment on in a follow-up to his post.

Since one of the major focuses of this PEP is security releases, I wonder if we shouldn't mention that security issues should be reported to security at python dot org instead of public forums or trackers, so that the Python Security Response Team can take the appropriate and responsible actions?

-Barry

[1] I still think we should craft some text for the website, but it can now be as simple as: "For the policy on Python version maintenance and release, see PEP XXX."