On 31/10/2019 00:17, Larry Hastings wrote: > > > Due to awkward CDN caching, some users who downloaded the source code > tarballs of Python 3.5.8 got a preliminary version instead of the > final version. As best as we can tell, this only affects the .xz > release; there are no known instances of users downloading an > incorrect version of the .tgz file. > > If you downloaded "Python-3.5.8.tar.xz" during the first twelve hours > of its release, you might be affected. It's easy to determine this > for yourself. The file size (15,382,140 bytes) and MD5 checksum > (4464517ed6044bca4fc78ea9ed086c36) published on the release page have > always matched the correct version. Also, the GPG signature file will > only report a "Good signature" for the correct .xz file (using "gpg > --verify"). > > What's the difference between the two? The only difference is that > the final version also merges a fix for Python issue tracker #38243: > > https://bugs.python.org/issue38243 > > The fix adds a call to "html.escape" at a judicious spot, line 896 in > Lib/xmlrpc/server.py. The only other changes are one new test, to > ensure this new code is working, and an entry in the NEWS file. You > can see the complete list of changes here: > > https://github.com/python/cpython/pull/16516/files > > What should you do? It's up to you. > > * If you and your users aren't using the XMLRPC library built in to > Python, you don't need to worry about which version of 3.5.8 you > downloaded. > * If you downloaded the .tgz tarball or the Git repo, you already > have the correct version. > * If you downloaded the xz file and want to make sure you have the > fix, check the MD5 sum, and if it's wrong download a fresh copy > (and make sure that one matches the known good MD5 sum!). > > To smooth over this whole sordid mess, I plan to make a 3.5.9 release > in the next day or so. It'll be identical to the 3.5.8 release; its > only purpose is to ensure that all users have the same updated source > code, including the fix for #38243. > > > Sorry for the mess, everybody, > a) "Congratulations" on the 3.5.8 release
b) excellent solution - to up the release number! c) Thanks!! > > //arry/ > > > _______________________________________________ > Python-Dev mailing list -- python-...@python.org > To unsubscribe send an email to python-dev-le...@python.org > https://mail.python.org/mailman3/lists/python-dev.python.org/ > Message archived at > https://mail.python.org/archives/list/python-...@python.org/message/OYNQS2BZYABXACBRHBHV4RCEPQU5R6EP/ > Code of Conduct: http://python.org/psf/codeofconduct/
signature.asc
Description: OpenPGP digital signature
-- Python-announce-list mailing list -- python-announce-list@python.org To unsubscribe send an email to python-announce-list-le...@python.org https://mail.python.org/mailman3/lists/python-announce-list.python.org/ Support the Python Software Foundation: http://www.python.org/psf/donations/