On 3/24/2014 9:43 AM, Nick Coghlan wrote:
And time for round 3 :)
And round 3 of my response: contrary to what I said before, I now think that the base proposal should be the simplest possible: selectively (and minimally) waive the 'no-enhancement in maintenance release policy' for future 2.7 releases because certain internet security features have become dangerously obsolete and socially irresponsible and because 2.7 is exceptional in not having a followup version and will be exceptional in its amount and length of use.
When we do a brown bag release in 1 to 4 weeks, we break the normal maintenance interval. We create a nuisance for those who already downloaded the replaced release. We create a nuisance for those who test with each maintenance release. But the reason we do that is because we also have a no-regression policy and we decide that the nuisance of a quick release is over-ridden by the nuisance of regression -- even if doing so increases the net user pain over not doing the quick release. (I personally have not been affected by regressions so far but have been affected by the new-release nuisance.)
In the area of internet security, standing still for too long is a form of regression -- in terms of effectiveness.
An enhanced version of 2.7 will be a bit of a nuisance, but only for the people who use the enhancements. The decreasing effectiveness of static security modules will also be a nuisance.
-- Terry Jan Reedy _______________________________________________ Python-Dev mailing list Python-Dev@python.org https://mail.python.org/mailman/listinfo/python-dev Unsubscribe: https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
