[python-committers] Branches support status (Re: 3.3 branch created in main repository)

[Barry Warsaw]

On Oct 01, 2012, at 01:30 PM, Martin v. Löwis wrote:

>I had meant to write a PEP on security releases for several
>years now.

+1

>Since this still doesn't exist, here is the outline
>of the procedures that maintainers have agreed upon:
>- bug fix releases are made until the next feature release is
>   out (with 2.7 being an exception from that rule)
>- security fixes are being provided until 5 years after the initial
>   release of the feature release
>   * for 2.6, this will be until Oct 1, 2013
>   * for 3.1, this will be until July 27, 2014
>   * for 3.2, this will be until Feb 20, 2016
>   The 5 years horizon is based on requests of system packagers
>   (Linux distributions in particular), who often also have 5-year
>   cycles for long-term support.
>- security releases are made whenever maintainers deem it necessary;
>   the two options are
>   * commit fixes into source repository only, and release whenever
>     enough time has passed, or enough changes have accumulated, or
>   * release right after a security issue has been resolved
>   Which of these to take depends on the nature of the fix, of course.
>   The former is intended for system packagers of Python - they can
>   incorporate fixes that are official already despite not having been
>   released yet.

The only thing missing is whether releases are made source-only or with binary
packages for Windows and Mac.  My understanding is that once a release goes
into security-only mode, binary releases cease.

Cheers,
-Barry