[Python-Dev] patch commit policies (was [issue4308] repr of httplib.IncompleteRead is stupid)
Chris Withers
chris at simplistix.co.uk
Thu Mar 5 10:26:43 CET 2009
Martin v. Löwis wrote:
> Martin v. Löwis <martin at v.loewis.de> added the comment:
>
>> So all Chris has to do to get this applied to 2.5 is craft an exploit based
>> on the current behavior, right? ;-)
>
> Right :-) Of course, security patches should see a much more careful
> review than regular bug fixes.
Well, it's funny you say that, since where I bumped into this, the bug
was effectively DOS'ing a couple of mailservers as a result of
mailinglogger sending out log entries of uncaught exceptions such as
this and so emitting 100Mb emails whenever the foreign server chose not
to deliver the whole chunk requested...
That aside, is it actually a python-wide policy to *forbid* patching
older releases where the patch isn't security-related?
I can understand the "no more releases unless there are security
problems", but what's the harm in applying a patch to an old version
branch on the off chance that a security release might be made some time?
cheers,
Chris
--
Simplistix - Content Management, Zope & Python Consulting
- http://www.simplistix.co.uk
More information about the Python-Dev
mailing list