[Python-Dev] 2.3.6 for the unicode buffer overrun

Fredrik Lundh fredrik at pythonware.com
Tue Oct 17 11:09:20 CEST 2006

Anthony Baxter wrote:

> > why not just do a "2.3.5+security" source release, and leave the rest to
> > the downstream maintainers?
> I think we'd need to renumber it to 2.3.6 at least, otherwise there's the
> problem of distinguishing between the two. I'd _hope_ that all the
> downstreams will have picked up the patch (if you know of someone who hasn't,
> let me know and I'll kick them for you if it would help).

in my experience, downstream builders tend to deal with patches just fine;
I'm more worried about people who build directly from tarballs (using the
good old "wget, tar xvfz, configure, make" mental macro)

> But I'm certainly thinking if there's a 2.3.6, it's going to be 2.3.5 with the
> email fix and the unicode repr() fix, and that's it.

sounds good to me.  how much work would that be, and if you're willing to
coordinate, is there anything we can do to help?


More information about the Python-Dev mailing list