Twisted 22.10.0 Pre-Release Announcement
![](https://secure.gravatar.com/avatar/eba6eb871de2549c7447a8701352cd35.jpg?s=120&d=mm&r=g)
On behalf of the Twisted contributors, I announce the release candidate of Twisted 22.10.0 This release was triggered by CVE-2022-39348 https://github.com/twisted/twisted/security/advisories/GHSA-vg46-2rrj-3647 The release and NEWS file is available for review at https://github.com/twisted/twisted/pull/11732/files Release candidate documentation is available at https://twisted--11732.org.readthedocs.build/en/11732/ Wheels for the release candidate are available on PyPI https://pypi.org/project/Twisted/22.10.0rc1/ python -m pip install Twisted==22.10.0rc1 Please test it and report any issues. If nothing comes up in one week, I will do the final release based on the latest release candidate. Many thanks to everyone who had a part in Twisted development, the supporters of the Twisted Software Foundation, the developers, and all the people testing and building great things with Twisted! Slava Ukraini! -- Adi Roiban
![](https://secure.gravatar.com/avatar/eba6eb871de2549c7447a8701352cd35.jpg?s=120&d=mm&r=g)
Hi On Wed, 26 Oct 2022 at 21:26, Glyph <glyph@twistedmatrix.com> wrote:
Thanks, Adi! Given that this is a release driven by a network-facing security issue, I think an expedited timeline might make sense.
First we need the PR to be reviewed and approved. The release candidate is done to make it easier to do end to end testing for the release. -------- I think that it makes sense to have any release made as soon as the PR is approved, without waiting for one week. I think that we still have good quality assurance and we should be confident that Twisted can be released without significant extra manual testing. If we find a bug in the final released version , we will make sure there is an automated tests for it for the next release, and push for the release without extra delays :) Regards
-- Adi Roiban
![](https://secure.gravatar.com/avatar/8285ea1765ae52a3ab79c767676a2f4e.jpg?s=120&d=mm&r=g)
The PyPi pages are in some unknown language written an a character set I don't recognize and I can't find any way to change it. I've been downloading Python packages from Pypi for more than a decade and have never seen anything remotely like this before. How do I known this is real and not some phishing expedition if I can't even read the web pages? On 10/26/2022 3:36 PM, Adi Roiban wrote:
-- John Santos Evans Griffiths & Hart, Inc. 781-861-0670 ext 539
![](https://secure.gravatar.com/avatar/e1554622707bedd9202884900430b838.jpg?s=120&d=mm&r=g)
I… also see chinese on the release page. There isn't a setting for this, as far as I know. I am pretty sure it's a PyPI bug, which I've filed here https://github.com/pypi/warehouse/issues/12445. -g
![](https://secure.gravatar.com/avatar/8285ea1765ae52a3ab79c767676a2f4e.jpg?s=120&d=mm&r=g)
It's okay today. PyPi must have fixed something. I would think that there would be a per-user setting for language choice, rather than supporting multiple languages on the web site and picking one at random. Maybe they choose based on some sort of geolocation of the user's IP address, but if that's the case, it didn't work! I couldn't find anywhere to report it to the PyPi people, except if it was a security issue. Thanks for looking into this! -- John Santos On 10/27/2022 1:34 AM, Glyph wrote:
-- John Santos Evans Griffiths & Hart, Inc. 781-861-0670 ext 539
![](https://secure.gravatar.com/avatar/eba6eb871de2549c7447a8701352cd35.jpg?s=120&d=mm&r=g)
Hi On Wed, 26 Oct 2022 at 21:26, Glyph <glyph@twistedmatrix.com> wrote:
Thanks, Adi! Given that this is a release driven by a network-facing security issue, I think an expedited timeline might make sense.
First we need the PR to be reviewed and approved. The release candidate is done to make it easier to do end to end testing for the release. -------- I think that it makes sense to have any release made as soon as the PR is approved, without waiting for one week. I think that we still have good quality assurance and we should be confident that Twisted can be released without significant extra manual testing. If we find a bug in the final released version , we will make sure there is an automated tests for it for the next release, and push for the release without extra delays :) Regards
-- Adi Roiban
![](https://secure.gravatar.com/avatar/8285ea1765ae52a3ab79c767676a2f4e.jpg?s=120&d=mm&r=g)
The PyPi pages are in some unknown language written an a character set I don't recognize and I can't find any way to change it. I've been downloading Python packages from Pypi for more than a decade and have never seen anything remotely like this before. How do I known this is real and not some phishing expedition if I can't even read the web pages? On 10/26/2022 3:36 PM, Adi Roiban wrote:
-- John Santos Evans Griffiths & Hart, Inc. 781-861-0670 ext 539
![](https://secure.gravatar.com/avatar/e1554622707bedd9202884900430b838.jpg?s=120&d=mm&r=g)
I… also see chinese on the release page. There isn't a setting for this, as far as I know. I am pretty sure it's a PyPI bug, which I've filed here https://github.com/pypi/warehouse/issues/12445. -g
![](https://secure.gravatar.com/avatar/8285ea1765ae52a3ab79c767676a2f4e.jpg?s=120&d=mm&r=g)
It's okay today. PyPi must have fixed something. I would think that there would be a per-user setting for language choice, rather than supporting multiple languages on the web site and picking one at random. Maybe they choose based on some sort of geolocation of the user's IP address, but if that's the case, it didn't work! I couldn't find anywhere to report it to the PyPi people, except if it was a security issue. Thanks for looking into this! -- John Santos On 10/27/2022 1:34 AM, Glyph wrote:
-- John Santos Evans Griffiths & Hart, Inc. 781-861-0670 ext 539
participants (3)
-
Adi Roiban
-
Glyph
-
John Santos