[Python-Dev] 2.3.6 for the unicode buffer overrun

Barry Warsaw barry at python.org
Thu Oct 12 17:36:37 CEST 2006

On Oct 12, 2006, at 4:08 AM, Anthony Baxter wrote:

> I've had a couple of queries about whether PSF-2006-001 merits a 2.3.6.
> Personally, I lean towards "no" - 2.4 was nearly two years ago now. But I'm
> open to other opinions - I guess people see the phrase "buffer overrun" and
> they get scared.
> Plus once 2.4.4 final is out next week, I'll have cut 12 releases since
> March. Assuming a 2.5.1 before March (very likely) that'll be 14 releases
> in 12 months. 16 releases in 12 months would just about make me go crazy.

I've offered in the past to dust off my release manager cap and do a  
2.3.6 release.  Having not done one in a long while, the most  
daunting part for me is getting the website updated, since I have  
none of those tools installed.

I'm still willing to do a 2.3.6, though the last time this came up  
the response was too underwhelming to care.  I'm not sure this  
advisory is enough to change people's minds about that -- I'm sure  
any affected downstream distro is fully capable of patching and
re-releasing their own packages.  Since this doesn't affect the
binaries /we/ release, I'm not sure I care enough either.

-Barry
