> > In effect, this is what the PEP says. That's intentional (i.e. it
> > is my intention - others may have different intentions). It's the
> > repository that holds the security patches; the tarballs (and the
> > version number bumps) are just a convenience.
>
> It's not the intentions of the Python developers that is my concern
> here. In effect, I can read this PEP as saying "we don't take
> security seriously enough to release in a timely fashion, why should
> you go to the effort of getting sources and applying patches?" and I
> fear that many users will do so. I think that the label of "release"
> is important.

[Not sure who "you" is above: who should or should not go to the effort of getting sources, and what patches should they apply?]

I don't think I can be more plain than that: yes, I do not take security seriously enough to release security fixes for old Python versions more than once a year.

As a user, it's easy to demand things, and people really have to learn that in open source, all things are done by volunteers, and that demanding gets you nowhere. To get a better service, somebody really has to volunteer and offer it.

Regards,
Martin