A quick thanks from me, Ned, for stepping forward to help 3.3 pine for the fjords.
On Sat, Jul 15, 2017, 14:51 Ned Deily, <n...@python.org> wrote: > Python 3.3 is fast approaching its end-of-life date, 2017-09-29. Per our > release policy, that date is five years after the initial release of 3.3, > 3.3.0 final on 2012-09-29. Note that 3.3 has been in security-fix only > mode since the 2014-03-08 release of 3.3.5. It has been a while since we > produced a 3.3.x security-fix release and, due to his commitments > elsewhere, Georg has agreed for me to lead 3.3 to its well-deserved > retirement. > > To that end, I would like to schedule its next, and hopefully final, > security-fix release to coincide with the already announced 3.4.7 > security-fix release. In particular, we'll plan to tag and release 3.3.7rc1 > on Monday 2017-07-24 (UTC) and tag and release 3.3.7 final on Monday > 2017-08-07. In the coming days, I'll be reviewing the outstanding 3.3 > security issues and merging appropriate 3.3 PRs. Some of them have been > sitting as patches for a long time so, if you have any such security issues > that you think belong in 3.3, it would be very helpful if you would review > such patches and turn them into 3.3 PRs. > > As a reminder, here are the guidelines from the devguide as to what is > appropriate for a security-fix only branch: > > "The only changes made to a security branch are those fixing issues > exploitable by attackers such as crashes, privilege escalation and, > optionally, other issues such as denial of service attacks. Any other > changes are not considered a security risk and thus not backported to a > security branch. You should also consider fixing hard-failing tests in open > security branches since it is important to be able to run the tests > successfully before releasing." > > Note that documentation changes, other than any that might be related to a > security fix, are also out of scope. > > Assuming no new security issues arise prior to the EOL date, 3.3.7 will > likely be the final release of 3.3. And you really shouldn't be using 3.3 > at all at this point; while downstream distributors are, of course, free to > provide support of 3.3 to their customers, in a little over two months when > EOL is reached python-dev will no longer accept any issues or make any > changes available for 3.3. If you are still using 3.3, you really owe it > to your applications, to your users, and to yourself to upgrade to a more > recent release of Python 3, preferably 3.6! Many, many fixes, new > features, and substantial performance improvements await you. > > https://www.python.org/dev/peps/pep-0398/ > https://devguide.python.org/devcycle/#security-branches > > -- > Ned Deily > n...@python.org -- [] > > _______________________________________________ > python-committers mailing list > python-committ...@python.org > https://mail.python.org/mailman/listinfo/python-committers > Code of Conduct: https://www.python.org/psf/codeofconduct/ >
_______________________________________________ Python-Dev mailing list Python-Dev@python.org https://mail.python.org/mailman/listinfo/python-dev Unsubscribe: https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
