[Python-Dev] [python-committers] Proposed release schedule for Python 3.5.4
Victor Stinner
victor.stinner at gmail.com
Thu Jun 22 04:04:01 EDT 2017
For 3.4, please review my pending security fixes :-) There are more of them.
About the cipher list in ssl, the change itself is simple but it's to
blacklist DES and 3DES since it has been proved that these ciphers are
really too weak nowadays:
http://python-security.readthedocs.io/vuln/cve-2016-2183_sweet32_attack_des_3des.html
By the way, is Larry the only one to be able to merge changes in 3.4?
Before GitHub, all core dev were technically allowed to push in
security-only branches.
I would be interested to be allowed to push my own security fixes, but also
to enable Travis CI and maybe AppVeyor on the 3.4 and 3.3 branches.
Victor
Le 22 juin 2017 04:58, "Larry Hastings" <larry at hastings.org> a écrit :
>
>
> It's time to start planning the next 3.5 release, 3.5.4. Note that this
> will be the last 3.5 "bugfix" release; after 3.5.4, the 3.5 branch will
> only be open for security fixes. 3.5.4 will also be the last release of
> 3.5 with binary installers.
>
> I propose to tag and release 3.5.4 on these dates:
>
> 3.5.4rc1
> tag Sat July 22 2017
> release Sun July 23 2017
>
> 3.5.4 final
> tag Sun Aug 6 2017
> release Mon Aug 7 2017
>
> Thus rc1 would be tagged in just over four weeks.
>
>
> As for 3.4--
>
> Lately I've been releasing new versions of 3.5 and 3.4 at the same time.
> But I'm not sure it's worth the effort to release another 3.4 right now.
> There have only been two (2) checkins into the 3.4 branch since 3.4.6 was
> released back in January:
>
> f37b0cb230069481609b0bb06891b5dd26320504
> bpo-25008: Deprecate smtpd and point to aiosmtpd
>
> fa53dbdec818b0f2a0e22ca12a49d83ec948fc91
> Issues #27850 and #27766: Remove 3DES from ssl
> default cipher list and add ChaCha20 Poly1305.
>
>
> The first was a documentation-only change which is already live on
> docs.python.org. The second changes the _DEFAULT_CIPHERS and
> _RESTRICTED_SERVER_CIPHERS constants in Lib/ssl.py. A reasonable change,
> but minor. I'm not convinced it's worth spending the time of many people
> in the community at large to update 3.4 just for this.
>
> If you have any feedback / concerns about this schedule, or if you think
> it's important that I release 3.4.7 with these minor changes, please reply
> here. If I don't hear anything back in a day or two I'll go ahead and make
> this the official schedule.
>
>
> Your friendly neighborhood release manager,
>
>
> */arry*
>
> _______________________________________________
> python-committers mailing list
> python-committers at python.org
> https://mail.python.org/mailman/listinfo/python-committers
> Code of Conduct: https://www.python.org/psf/codeofconduct/
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/python-dev/attachments/20170622/bd1dc069/attachment.html>
More information about the Python-Dev
mailing list