[Python-Dev] Fixing 2.7.x
Ned Deily
nad at acm.org
Mon Oct 6 19:24:07 CEST 2014
In article <5432BE77.40507 at stoneleaf.us>,
Ethan Furman <ethan at stoneleaf.us> wrote:
> With the incredibly long life span of 2.7, which bugs should we *not* fix?
>
> For example, in http://bugs.python.org/issue22297 I mentioned one reason to
> not fix that bug was that the fix was not in
> 3.1-3.3, but 2.7 will outlive all those plus a couple more.
>
> So, what are the current guidelines on what to fix? Is it still security
> only, with the rest being carrots for switching?
Python release families are in one of four states:
1. in-development feature: the default branch, unreleased
= 3.5
2. maintenance: currently released and actively maintained, bug fixes,
no compatibility breaks, no new features without very compelling use
cases, discussion, and release manager approval.
= 2.7.x and 3.4.x
3. security: "fixing issues exploitable by attackers such as crashes,
privilege escalation and, optionally, other issues such as denial of
service attacks. Any other changes are not considered a security risk
and thus not backported to a security branch."
= 3.2.x and 3.3.x
4. retired: no fixes of any kind from python-dev
= all other releases
So 2.7.x is not "security only" and wouldn't reach that stage until 2020
under current policy.
http://legacy.python.org/dev/peps/pep-0373/#id5
https://docs.python.org/devguide/devcycle.html#branches
--
Ned Deily,
nad at acm.org
More information about the Python-Dev
mailing list