[Python-Dev] 2.5.2 release coming up

Guido van Rossum guido at python.org
Wed Jan 23 21:40:34 CET 2008


On Jan 23, 2008 12:25 PM, Steve Holden <steve at holdenweb.com> wrote:
> Giampaolo Rodola' wrote:
> >> Also, *nothing* should go into the 2.4 branch any more *except*
> >> important security patches.
>     ^^^^^^^^^
> >
> > http://bugs.python.org/issue1745035
> > I guess this one should concern both 2.4 and 2.5 branches.
> >
>
> Egregious though the error may be I can't myself see that a complete new
> release is justified simply to include a four-line patch in a single
> (not often-used?) module. If it were a buffer overflow it might be
> different (but that would pretty much have to involve a C component).
>
> Couldn't we just publicize the patch? I can't bring myself to believe
> that 1745035 is really "important" enough.

It should go into 2.5 for sure. It should go into 2.4 at the
discretion of the release manager. We *are* considering a
pure-security-fixes source-only release of 2.4 (I wasn't 100% clear on
that in my first mail in this thread).

IMO DoS vulnerabilities are rarely worth getting excited about, unless
they have the potential of bringing down a significant portion of the
internet. This one doesn't.

-- 
--Guido van Rossum (home page: http://www.python.org/~guido/)

