[Python-Dev] Draft PEP: Maintenance of Python Releases

Barry Warsaw barry at python.org
Sat May 12 16:57:30 CEST 2007

Hash: SHA1

On May 12, 2007, at 4:29 AM, Martin v. Löwis wrote:

> This PEP attempts to formalize the existing practice, but goes beyond
> it in introducing security releases. The addition of security releases
> addresses various concerns I heard over the last year about Python
> being short-lived. Those concerns are typically raised by Linux
> distributors which see that they have to maintain Python releases
> much longer than python-dev does, and are now concerned about the
> manpower and Python expertise they need.


I like this PEP; it addresses the issues I was trying to get at with  
my initial posting[1].  Stephen brings up some interesting points  
which I'll comment on in a follow up to his post.

Since one of the major focuses of this PEP is security releases, I  
wonder if we shouldn't mention that security issues should be  
reported to security at python dot org instead of public forums or  
trackers, so that the Python Security Response Team can take the  
appropriate and responsible actions?

- -Barry

[1] I still think we should craft some text for the website, but it  
can now be as simple as:

"For the policy on Python version maintenance and release, see PEP XXX."

Version: GnuPG v1.4.6 (Darwin)


More information about the Python-Dev mailing list