On 19 May 2014 12:35, Guido van Rossum <gu...@python.org> wrote: > At the very least PEP 466 needs to be updated to admit the failure -- it > would be a shame if people read the PEP and assumed the promised features > actually landed in 2.7.7 (which the PEP explicitly lists).
Will do - I'll update that to reference the specific issues tracking the implementation of the individual elements. On a related note, I was also thinking about adding a new section to the What's New in Python 2.7 doc. Specifically, a new "Security Enhancements in Maintenance Releases" section after the existing "The Future of Python 2.x" section. That would reference PEP 466 for background, and then list the specific maintenance releases where these features have been added (so just the one 2.7.7 entry for hmac.compare_digest to start with). I'd also add a direct link to PEP 373 (the 2.7 release schedule PEP) from the first bullet point under "The Future of Python 2.x" section (as well as rewording that point to better reflect the current state of things) Regards, Nick. P.S. As far as additional development resources for long term upstream CPython maintenance go - I'm working on it (and my understanding is that folks at other orgs are as well). Personally, I'm still in the gap between "that's likely a good idea" and actually translating the concept into available developer time. While Heartbleed has helped raise awareness of the whole "What are we depending on without committing sufficient development resources to long term maintenance?" problem, large orgs still don't tend to move that fast :) -- Nick Coghlan | ncogh...@gmail.com | Brisbane, Australia _______________________________________________ Python-Dev mailing list Python-Dev@python.org https://mail.python.org/mailman/listinfo/python-dev Unsubscribe: https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com