[Python-Dev] Fixing 2.7.x

Ned Deily nad at acm.org
Mon Oct 6 19:24:07 CEST 2014

In article <5432BE77.40507 at stoneleaf.us>,
 Ethan Furman <ethan at stoneleaf.us> wrote:
> With the incredibly long life span of 2.7, which bugs should we *not* fix?
> For example, in http://bugs.python.org/issue22297 I mentioned one reason to 
> not fix that bug was that the fix was not in 
> 3.1-3.3, but 2.7 will outlive all those plus a couple more.
> So, what are the current guidelines on what to fix?  Is it still security 
> only, with the rest being carrots for switching?

Python release families are in one of four states:

1. in-development feature: the default branch, unreleased
   = 3.5

2. maintenance: currently released and actively maintained, bug fixes, 
no compatibility breaks, no new features without very compelling use 
cases, discussion, and release manager approval.
   = 2.7.x and 3.4.x

3. security: "fixing issues exploitable by attackers such as crashes, 
privilege escalation and, optionally, other issues such as denial of 
service attacks. Any other changes are not considered a security risk 
and thus not backported to a security branch."
   = 3.2.x and 3.3.x

4. retired: no fixes of any kind from python-dev
   = all other releases

So 2.7.x is not "security only" and wouldn't reach that stage until 2020 
under current policy.



 Ned Deily,
 nad at acm.org

More information about the Python-Dev mailing list