On 17 May 2018 at 04:46, Alex Walters <tritium-l...@sdamon.com> wrote:
>> 1. Producing binaries (to the quality we normally deliver - I'm not
>> talking about auto-built binaries produced from a CI system) is a
>> chunk of extra work for the release managers.
> This is actually the heart of the reason I asked the question. CI tools are
> fairly good now. If the CI tools could be used in such a way to make the
> building of binary artifacts less of a burden on the release managers, would
> there be interest in doing that, and in the process, releasing binary
> artifact installers for all security update releases.
> My rationale for asking if its possible is... well.. security releases are
> important, and it's hard to ask Windows users to install Visual Studio and
> build python to use the most secure version of python that will run your
> python program. Yes there are better ideal solutions (porting your code to
> the latest and greatest feature release version), but that’s not a zero
> burden option either.
> If CI tools just aren't up to the task, then so be it, and this isn't
> something I would darken -ideas' door with.
I honestly don't know if we're at a point where an auto-built security
release would be sufficient and/or useful. That's mostly a question
for the release manager(s). One sticking point might be that I believe
the Windows installers (at least) are signed, and only the release
managers have the signing key. It's probably *not* OK to leave the
security releases unsigned ;-) So there would be a key management
issue to address there.
Python-Dev mailing list