On Jul 29, 2015 11:08 AM, "Robert Collins" <robe...@robertcollins.net> wrote: > > On 30 July 2015 at 04:50, Guido van Rossum <gu...@python.org> wrote: > > The more recent Python 2.7 bugfix releases have > > specific exemptions from the backwards compatibility requirements for > > security fixes -- because their lifespan will still be many years (EOL of > > 2.7 is summer 2020). > [snip] > https://docs.python.org/devguide/devcycle.html#security-branches > "...The only changes made to a security branch are those fixing issues > exploitable by attackers such as crashes, privilege escalation and, > optionally, other issues such as denial of service attacks. Any other > changes are not considered a security risk and thus not backported to > a security branch." > > This page doesn't specify the exception for 2.7, and by my poor > reading of it the http issue wouldn't pass muster - but I think it was > appropriate to apply. So I'm confused. Help :).
See PEP 466. https://www.python.org/dev/peps/pep-0466/ -eric
_______________________________________________ python-committers mailing list python-committers@python.org https://mail.python.org/mailman/listinfo/python-committers
