[Python-Dev] patch commit policies (was [issue4308] repr of httplib.IncompleteRead is stupid)

Chris Withers chris at simplistix.co.uk
Thu Mar 5 10:26:43 CET 2009


Martin v. Löwis wrote:
> Martin v. Löwis <martin at v.loewis.de> added the comment:
> 
>> So all Chris has to do to get this applied to 2.5 is craft an exploit based
>> on the current behavior, right? ;-)
> 
> Right :-) Of course, security patches should see a much more careful
> review than regular bug fixes.

Well, it's funny you say that, since where I bumped into this, the bug 
was effectively DOS'ing a couple of mailservers as a result of 
mailinglogger sending out log entries of uncaught exceptions such as 
this and so emitting 100Mb emails whenever the foreign server chose not 
to deliver the whole chunk requested...

That aside, is it actually a python-wide policy to *forbid* patching 
older releases where the patch isn't security-related?

I can understand the "no more releases unless there are security 
problems", but what's the harm in applying a patch to an old version 
branch on the off chance that a security release might be made some time?

cheers,

Chris

-- 
Simplistix - Content Management, Zope & Python Consulting
            - http://www.simplistix.co.uk


More information about the Python-Dev mailing list