Nick Coghlan email@example.com writes:
This policy does NOT represent a commitment by volunteer contributors to actually backport network security related changes from the Python 3 series to the Python 2 series. Rather, it is intended to send a clear signal to potential corporate contributors that the core development team are willing to review and merge corporate contributions that put this policy into effect.
As I understand, at least for smaller patches it is actually more work to apply a patch than than to write it. With that in mind, are there really sufficient volunteer resources available to review and merge these corporate contributions if they come? The issue tracker certainly does not lack issues with unreviewed and/or unapplied patches...