Twisted 22.10.0 Pre-Release Announcement

On behalf of the Twisted contributors, I announce the release candidate of Twisted 22.10.0.
This release was triggered by CVE-2022-39348:
https://github.com/twisted/twisted/security/advisories/GHSA-vg46-2rrj-3647
The release and NEWS file are available for review at:
https://github.com/twisted/twisted/pull/11732/files
Release candidate documentation is available at:
https://twisted--11732.org.readthedocs.build/en/11732/
Wheels for the release candidate are available on PyPI:
https://pypi.org/project/Twisted/22.10.0rc1/
python -m pip install Twisted==22.10.0rc1
Please test it and report any issues. If nothing comes up in one week, I will do the final release based on the latest release candidate.
Many thanks to everyone who had a part in Twisted development, the supporters of the Twisted Software Foundation, the developers, and all the people testing and building great things with Twisted!
Slava Ukraini!

Thanks, Adi! Given that this is a release driven by a network-facing security issue, I think an expedited timeline might make sense.
-g
On Oct 26, 2022, at 12:36 PM, Adi Roiban adiroiban@gmail.com wrote:
If nothing comes up in one week, I will do the final release based on the latest release candidate.

Hi
On Wed, 26 Oct 2022 at 21:26, Glyph glyph@twistedmatrix.com wrote:
Thanks, Adi! Given that this is a release driven by a network-facing security issue, I think an expedited timeline might make sense.
First we need the PR to be reviewed and approved.
The release candidate is done to make it easier to do end to end testing for the release.
--------
I think that it makes sense to have any release made as soon as the PR is approved, without waiting for one week.
I think that we still have good quality assurance and we should be confident that Twisted can be released without significant extra manual testing.
If we find a bug in the final released version, we will make sure there is an automated test for it for the next release, and push for the release without extra delays :)
Regards

This sounds good to me in general but let's not make any final general process-change decisions while a CVE release is pending :).

The PyPi pages are in some unknown language written in a character set I don't recognize and I can't find any way to change it.
I've been downloading Python packages from Pypi for more than a decade and have never seen anything remotely like this before. How do I know this is real and not some phishing expedition if I can't even read the web pages?

I… also see Chinese on the release page. There isn't a setting for this, as far as I know. I am pretty sure it's a PyPI bug, which I've filed here: https://github.com/pypi/warehouse/issues/12445.
-g

It's okay today. PyPi must have fixed something.
I would think that there would be a per-user setting for language choice, rather than supporting multiple languages on the web site and picking one at random. Maybe they choose based on some sort of geolocation of the user's IP address, but if that's the case, it didn't work!
I couldn't find anywhere to report it to the PyPi people, except if it was a security issue.
Thanks for looking into this!
-- John Santos

There's an explanation on the bug report I linked.
In the future, that "warehouse" repository is the place to report issues with PyPI.org.
-g

Thanks, Glyph. I will make a note of that.
In the past, PyPi has always "just worked", so I've never had anything to complain about before!
-- John Santos

Participants (3): Adi Roiban, Glyph, John Santos