Guido van Rossum wrote: > On Jan 23, 2008 12:25 PM, Steve Holden <[EMAIL PROTECTED]> wrote: >> Giampaolo Rodola' wrote: >>>> Also, *nothing* should go into the 2.4 branch any more *except* >>>> important security patches. >> ^^^^^^^^^ >>> http://bugs.python.org/issue1745035 >>> I guess this one should concern both 2.4 and 2.5 branches. >>> >> Egregious though the error may be I can't myself see that a complete new >> release is justified simply to include a four-line patch in a single >> (not often-used?) module. If it were a buffer overflow it might be >> different (but that would pretty much have to involve a C component). >> >> Couldn't we just publicize the patch? I can't bring myself to believe >> that 1745035 is really "important" enough. > > It should go into 2.5 for sure. It should go into 2.4 at the > discretion of the release manager. We *are* considering a > pure-security-fixes source-only release of 2.4 (I wasn't 100% clear on > that in my first mail in this thread). > > IMO DoS vulnerabilities are rarely worth getting excited about, unless > they have the potential of bringing down a significant portion of the > internet. This one doesn't. > Yes. There has to be a 2.5.2 release and there's no reason to exclude it from that.
regards Steve -- Steve Holden +1 571 484 6266 +1 800 494 3119 Holden Web LLC http://www.holdenweb.com/ _______________________________________________ Python-Dev mailing list Python-Dev@python.org http://mail.python.org/mailman/listinfo/python-dev Unsubscribe: http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
