[Python-Dev] [python-committers] Winding down 3.4
Antoine Pitrou
antoine at python.org
Mon Aug 13 05:55:32 EDT 2018
Le 13/08/2018 à 11:49, Larry Hastings a écrit :
>
>
> We of the core dev community commit to supporting Python releases for
> five years. Releases get eighteen months of active bug fixes, followed
> by three and a half years of security fixes. Python 3.4 turns 5 next
> March--at which point we'll stop supporting it, and I'll retire as 3.4
> release manager.
>
> My plan is to make one final release on or around its fifth birthday
> containing the last round of security fixes. That's about seven months
> from now. Nothing has been merged since the releases of 3.4.9 and 3.5.6
> last week, and there are no open PRs against either of those releases.
>
> But! There are still a couple languishing "critical" bugs:
>
> "shutil copy* unsafe on POSIX - they preserve setuid/setgit bits"
> https://bugs.python.org/issue17180
>
> "XML vulnerabilities in Python"
> https://bugs.python.org/issue17239
>
> "fflush called on pointer to potentially closed file" (Windows only)
> https://bugs.python.org/issue19050
>
> It'd be nice to resolve all those issues, one way or another, before we
> retire 3.4.
So that 3.4 dies in good health?
Regards
Antoine.
More information about the Python-Dev
mailing list