On 31/01/2011 14:38, Antoine Martin wrote:
> Are there any documents outlining how critical bugs are handled?

I'm not aware of such documents and would also be interested in
learning more on how things were/are done for PyGTK in this regard.

> Are fixes backported to older pygtk versions?

I've not seen point releases done for any version of PyGTK since 2.14.1,
which was some time ago.

> Surely distributors will
> need to do it for their LTS releases so it would make sense to do at
> least part of that job in one place?

That would indeed make sense for stable PyGTK releases, but...

> Or do we have to file bugs with all
> major distros against all versions that have the affected version?
> Apologies if this is obvious and documented somewhere, I couldn't find it.
> I see a tag but no branch for 2.17, and it's a year old... how come?
> http://git.gnome.org/browse/pygtk/

2.17 was an unstable release [1] just like 2.21 [2]. The first stable
release after 2.16 is 2.22. We're currently working hard on what will
become 2.24. That will be the last major release of PyGTK we'll ever
see, except maybe bugfix 2.24.x point releases if enough people keep
up maintenance.

> A few distros ship that version (Fedora for one), so how do they all
> maintain it?

I guess those distros maintain patches themselves and sometimes check
bugzilla/git/this list to see if anything applies to those unstable
versions they use.

> Concretely, say I found a trivial DoS bug like this one:
> https://bugzilla.gnome.org/show_bug.cgi?id=640738#c2
> What is the best way to get some attention from the developers with
> commit access?

Bugzilla and this list. Both bug 640738 (thanks for your work!)
and 638780 had already caught my attention and both seem to propose
the same patch. I hope to study and test the proposed fix sometime
this week. For those interested, it looks to me like a forgotten part
of the wakeup fd work done a couple of years ago. At least this
comment [3] and the 85 other comments preceding it point in that
direction. More information on the Python-related internals is
documented in this huge thread [4] on python-dev.

> Is this going to be picked up by distros afterwards, or
> is it more of a manual process?

Looks to me like it has been more of a manual process for some time
now...

Regards,
Dieter

[1] http://mail.gnome.org/archives/gnome-announce-list/2009-December/msg00068.html
[2] http://mail.gnome.org/archives/gnome-announce-list/2010-August/msg00026.html
[3] https://bugzilla.gnome.org/show_bug.cgi?id=481569#c86
[4] http://mail.python.org/pipermail/python-dev/2007-December/thread.html#75589

_______________________________________________
pygtk mailing list   pygtk@daa.com.au
http://www.daa.com.au/mailman/listinfo/pygtk
Read the PyGTK FAQ: http://faq.pygtk.org/