[Python-Dev] Winding down 3.4

Larry Hastings larry at hastings.org
Mon Aug 13 05:49:17 EDT 2018



We of the core dev community commit to supporting Python releases for 
five years.  Releases get eighteen months of active bug fixes, followed 
by three and a half years of security fixes.  Python 3.4 turns 5 next 
March--at which point we'll stop supporting it, and I'll retire as 3.4 
release manager.

My plan is to make one final release on or around its fifth birthday 
containing the last round of security fixes.  That's about seven months 
from now.  Nothing has been merged since the releases of 3.4.9 and 3.5.6 
last week, and there are no open PRs against either of those releases.

But!  There are still a couple languishing "critical" bugs:

    "shutil copy* unsafe on POSIX - they preserve setuid/setgit bits"
    https://bugs.python.org/issue17180

    "XML vulnerabilities in Python"
    https://bugs.python.org/issue17239

    "fflush called on pointer to potentially closed file" (Windows only)
    https://bugs.python.org/issue19050

It'd be nice to resolve all those issues, one way or another, before we 
retire 3.4.


See you next March,


//arry/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/python-dev/attachments/20180813/d8c842c3/attachment.html>


More information about the Python-Dev mailing list