On 17 May 2018 at 04:46, Alex Walters <tritium-l...@sdamon.com> wrote: >> 1. Producing binaries (to the quality we normally deliver - I'm not >> talking about auto-built binaries produced from a CI system) is a >> chunk of extra work for the release managers. > > This is actually the heart of the reason I asked the question. CI tools are > fairly good now. If the CI tools could be used in such a way to make the > building of binary artifacts less of a burden on the release managers, would > there be interest in doing that, and in the process, releasing binary > artifact installers for all security update releases. > > My rationale for asking if its possible is... well.. security releases are > important, and it's hard to ask Windows users to install Visual Studio and > build python to use the most secure version of python that will run your > python program. Yes there are better ideal solutions (porting your code to > the latest and greatest feature release version), but that’s not a zero > burden option either. > > If CI tools just aren't up to the task, then so be it, and this isn't > something I would darken -ideas' door with.
I honestly don't know if we're at a point where an auto-built security release would be sufficient and/or useful. That's mostly a question for the release manager(s). One sticking point might be that I believe the Windows installers (at least) are signed, and only the release managers have the signing key. It's probably *not* OK to leave the security releases unsigned ;-) So there would be a key management issue to address there. Paul. _______________________________________________ Python-Dev mailing list Python-Dev@python.org https://mail.python.org/mailman/listinfo/python-dev Unsubscribe: https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
