-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On May 14, 2007, at 5:32 PM, Martin v. Löwis wrote:
>> We should decide what's right for security releases and then assess >> whether we need to recruit in order to perform that activity the >> way we >> want to. > > I disagree. If you would like to see a certain policy implemented, you > need to locate the volunteers *first*, and only then you can start > setting a policy that these volunteers can agree to. When the > volunteers > then run away, or become inactive, the policy needs revisiting. These are not mutually exclusive positions, but that's unimportant because in this specific case, I'm confident we can summon the necessary manpower. Still, I'm in agreement with you that the repository holds the security patches and that the tarballs are a convenience. They are an important convenience though, so I would say that they should be released in a timely manner after the commit of the security patches. I don't think we need to be that exact about spelling out when that happens. (I personally would like to see it within "weeks" of a security patch, not "months" or "years".) Also, I would like to document explicit that it is the responsibility of the PSRT (or its designate) to commit security patches to revision control. The act of committing these patches is a public event and has an important impact on any embargoes agreed upon by the PSRT with other organizations. - -Barry -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (Darwin) iQCVAwUBRkjYFHEjvBPtnXfVAQIAfAQAq8052/15WnMqrEyReXJRgeJqtklKzg3f xwVaOdEQjnp0QXAg7tMf29kCxLq6kW6al8DMUPHQcaV9cH7sQcMAon0V9LwiXlwU 3d0Mbvb5RUlpRmfDniQeGljCyCLJZbk+nUbrWbLAtIsrzMaW4FaPUkTUza1ZSIHX nKhsh7fifiM= =kYxd -----END PGP SIGNATURE----- _______________________________________________ Python-Dev mailing list Python-Dev@python.org http://mail.python.org/mailman/listinfo/python-dev Unsubscribe: http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
