[Python-Dev] LSB: Selection of a Python version

Anthony Baxter anthony at interlink.com.au
Tue Dec 5 10:35:35 CET 2006

On Tuesday 05 December 2006 17:30, Martin v. Löwis wrote:
> People at the meeting specifically said whether security patches
> would still be applied to older releases, and for how many older
> releases. Linux distributors are hesitant to make commitments to
> maintain a software package if they know that their upstream
> source doesn't provide security patches anymore.

I agree we should have a written policy. At the moment, my policy is 

normal bugfixes for 2.5
critical crasher bugfix releases for 2.5 and 2.4
security bugfix releases for 2.5, 2.4, and 2.3.

I'm planning on dropping 2.3 from this list sometime next year. 
After that, I guess we can produce officially blessed patches or 

> I think we should come up with a policy for dealing with security
> patches (there haven't been that many in the past, anyway); I
> believe users (i.e. vendors in this case) would be happy with the
> procedure we followed for 2.3: just produce a source release
> integrating the security patches; no need for binary releases (as
> they will produce binaries themselves).

Depends - while 2.4 is officially "retired" now, if a security 
bugfix that affects windows/OS X comes up, I think we should still 
cut binary releases.

> So I think a public statement that we will support 2.4 with
> security patches for a while longer (and perhaps with security
> patches *only*) would be a good thing - independent of the LSB,
> actually.

Well, I don't know what sort of public statement you want to issue, 
but will this do? (Wearing my release manager hat)

Anthony Baxter     <anthony at interlink.com.au>
It's never too late to have a happy childhood.

More information about the Python-Dev mailing list