I'm willing to embark on migrating the entire installer to WiX, which doesn't directly fix any particular issue, but could significantly reduce the overhead of building and maintaining the Windows installers.
Martin - are you at PyCon today? Can we chat to figure out what how much of the work you do can be automated? (If not, email on or off list is good too.) Alternatively, if you don't want me mucking about with this, tell me and I'll stop (being willing does not mean being keen ;) ) Cheers, Steve Top-posted from my Windows Phone ________________________________ From: Martin v. Löwis<mailto:mar...@v.loewis.de> Sent: 4/13/2014 14:51 To: Paul Moore<mailto:p.f.mo...@gmail.com>; Python Dev<mailto:python-dev@python.org> Subject: Re: [Python-Dev] Windows installers and OpenSSL Am 10.04.14 15:41, schrieb Paul Moore: > Given the OpenSSL vulnerability and the fact that we bundle OpenSSL > with the Windows installers (1.0.1e in Python 3.4.0) should we be > releasing updated installers? As others have said: certainly, and only for 3.4.0 (i.e. 2.7 in particular is not affected - I'm glad I didn't update OpenSSL there past 0.9.8). My feeling with these things is that it is often better to wait until the dust settles - people in a hurry of fixing security bugs tend to introduce new ones in the process. I'm tempted to experiment with installer patch files for this (.msp); it's technically just a single DLL that would need to be replaced. Contributions are welcome. Regards, Martin _______________________________________________ Python-Dev mailing list Python-Dev@python.org https://mail.python.org/mailman/listinfo/python-dev Unsubscribe: https://mail.python.org/mailman/options/python-dev/steve.dower%40microsoft.com
_______________________________________________ Python-Dev mailing list Python-Dev@python.org https://mail.python.org/mailman/listinfo/python-dev Unsubscribe: https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com