On 17 May 2018 at 04:46, Alex Walters <tritium-l...@sdamon.com> wrote:
>> 1. Producing binaries (to the quality we normally deliver - I'm not
>> talking about auto-built binaries produced from a CI system) is a
>> chunk of extra work for the release managers.
> This is actually the heart of the reason I asked the question.  CI tools are 
> fairly good now.  If the CI tools could be used in such a way to make the 
> building of binary artifacts less of a burden on the release managers, would 
> there be interest in doing that, and in the process, releasing binary 
> artifact installers for all security update releases.
> My rationale for asking if its possible is... well.. security releases are 
> important, and it's hard to ask Windows users to install Visual Studio and 
> build python to use the most secure version of python that will run your 
> python program.  Yes there are better ideal solutions (porting your code to 
> the latest and greatest feature release version), but that’s not a zero 
> burden option either.
> If CI tools just aren't up to the task, then so be it, and this isn't 
> something I would darken -ideas' door with.

I honestly don't know if we're at a point where an auto-built security
release would be sufficient and/or useful. That's mostly a question
for the release manager(s). One sticking point might be that I believe
the Windows installers (at least) are signed, and only the release
managers have the signing key. It's probably *not* OK to leave the
security releases unsigned ;-) So there would be a key management
issue to address there.

Python-Dev mailing list

Reply via email to