[Python-Dev] patch commit policies (was [issue4308] repr of httplib.IncompleteRead is stupid)
"Martin v. Löwis"
martin at v.loewis.de
Fri Mar 6 00:18:56 CET 2009
> That aside, is it actually a python-wide policy to *forbid* patching
> older releases where the patch isn't security-related?
I set this policy for the releases I manage, namely 2.4 and 2.5.
I still plan to write a PEP on security releases, and how they relate
to maintenance releases.
> I can understand the "no more releases unless there are security
> problems", but what's the harm in applying a patch to an old version
> branch on the off chance that a security release might be made some time?
Yes. *Every* change causes the risk of breaking something. In fact, for
any non-doc change, it is possible to construct a program that breaks
under the change.
The longer a release is in production use, the less breakage can be
risked. People will have worked around all regular bugs that they may
have run into. So when they ever make the experience that installing
a security fix actually breaks their working code, they will refrain
from ever installing Python patches again.
Regards,
Martin
More information about the Python-Dev
mailing list