On 31/01/2011 14:38, Antoine Martin wrote: > Are there any documents outlining how critical bugs are handled?
I'm not aware of such documents and would also be interested in learning more on how things where/are done for PyGTK in this regard. > Are fixes backported to older pygtk versions? I've not seen point releases done for any version of PyGTK since 2.14.1 which has been some time ago. > Surely distributors will > need to do it for their LTS releases so it would make sense to do at > least part of that job in one place? That would indeed make sense for stable PyGTK releases, but... > Or do we have to file bugs with all > major distros against all versions that have the affected version? > Apologies if this is obvious and documented somewhere, I couldn't find it. > I see a tag but no branch for 2.17, and it's a year old... how come? > http://git.gnome.org/browse/pygtk/ 2.17 was an unstable release [1] just like 2.21 [2]. The first stable release after 2.16 is 2.22. We're currently working hard on what will become 2.24. That will be the last major release of PyGTK we'll ever see, except maybe bugfix 2.24.x point releases if enough people keep up maintenance. > A few distros ship that version (Fedora for one), so how do they all > maintain it? I guess those distro's maintain patches themselves and sometimes check bugzilla/git/this list to see if anything applies to those unstable version they use. > Concretely, say I found a trivial DoS bug like this one: > https://bugzilla.gnome.org/show_bug.cgi?id=640738#c2 > What is the best way to get some attention from the developers with > commit access? Bugzilla and this list. Both bug 640738 (thanks for your work!) and 638780 had already caught my attention and both seem to propose the same patch. I hope to study and test the proposed fix somewhere this week. For those interested, it looks to me like a forgotten part of the wakeup fd work done a couple of years ago. At least this comment [3] and the 85 other comments preceding it point in that direction. More information on the Python related internals are documented in this huge thread [4] on python-dev. > Is this going to be picked up by distros afterwards, or > is it more of a manual process? Looks to me like it has been more of a manual process for some time now... Regards, Dieter [1] http://mail.gnome.org/archives/gnome-announce-list/2009-December/msg00068.html [2] http://mail.gnome.org/archives/gnome-announce-list/2010-August/msg00026.html [3] https://bugzilla.gnome.org/show_bug.cgi?id=481569#c86 [4] http://mail.python.org/pipermail/python-dev/2007-December/thread.html#75589 _______________________________________________ pygtk mailing list pygtk@daa.com.au http://www.daa.com.au/mailman/listinfo/pygtk Read the PyGTK FAQ: http://faq.pygtk.org/