On Jan 23, 2008 12:25 PM, Steve Holden <[EMAIL PROTECTED]> wrote:
> Giampaolo Rodola' wrote:
> >> Also, *nothing* should go into the 2.4 branch any more *except*
> >> important security patches.
>     ^^^^^^^^^
> >
> > http://bugs.python.org/issue1745035
> > I guess this one should concern both 2.4 and 2.5 branches.
> >
>
> Egregious though the error may be I can't myself see that a complete new
> release is justified simply to include a four-line patch in a single
> (not often-used?) module. If it were a buffer overflow it might be
> different (but that would pretty much have to involve a C component).
>
> Couldn't we just publicize the patch? I can't bring myself to believe
> that 1745035 is really "important" enough.

It should go into 2.5 for sure. It should go into 2.4 at the discretion of the release manager. We *are* considering a pure-security-fixes source-only release of 2.4 (I wasn't 100% clear on that in my first mail in this thread).

IMO DoS vulnerabilities are rarely worth getting excited about, unless they have the potential of bringing down a significant portion of the internet. This one doesn't.

--
--Guido van Rossum (home page: http://www.python.org/~guido/)
_______________________________________________
Python-Dev mailing list
Python-Dev@python.org
http://mail.python.org/mailman/listinfo/python-dev