[Python-Dev] Draft PEP: Maintenance of Python Releases
Barry Warsaw
barry at python.org
Sat May 12 16:57:30 CEST 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On May 12, 2007, at 4:29 AM, Martin v. Löwis wrote:
> This PEP attempts to formalize the existing practice, but goes beyond
> it in introducing security releases. The addition of security releases
> addresses various concerns I heard over the last year about Python
> being short-lived. Those concerns are typically raised by Linux
> distributors which see that they have to maintain Python releases
> much longer than python-dev does, and are now concerned about the
> manpower and Python expertise they need.
Martin,
I like this PEP; it addresses the issues I was trying to get at with
my initial posting[1]. Stephen brings up some interesting points
which I'll comment on in a follow up to his post.
Since one of the major focuses of this PEP is security releases, I
wonder if we shouldn't mention that security issues should be
reported to security at python dot org instead of public forums or
trackers, so that the Python Security Response Team can take the
appropriate and responsible actions?
- -Barry
[1] I still think we should craft some text for the website, but it
can now be as simple as:
"For the policy on Python version maintenance and release, see PEP XXX."
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (Darwin)
iD8DBQFGRdXb2YZpQepbvXERAudHAKCxlTXyO15aRS0GypVKbP0U/y3bCACfVrX6
2TcbU5/oe7GiIwhesRsT45g=
=dcr9
-----END PGP SIGNATURE-----
More information about the Python-Dev
mailing list