Hi Wen,

The latest round of lang/python* updates (3.9.14 still pending) don't
appear to have been marked as security releases (in security/vuxml) or
merged to the quarterly branch (for security and bugfixes).

lang/python310: Update to 3.10.7
https://cgit.freebsd.org/ports/commit/lang?id=1d9f19a0169e1cdbfedda11b75635fe89444a6c1
https://docs.python.org/release/3.10.7/whatsnew/changelog.html#python-3-10-7-final

lang/python37: Update to 3.7.14
https://cgit.freebsd.org/ports/commit/lang?id=7a50813b62ea926b18447a23cd75aa84b5569f22
https://www.python.org/downloads/release/python-3714/

lang/python38: Update to 3.8.14
https://cgit.freebsd.org/ports/commit/lang?id=fddd2fc682516649a9a180d65fbece9c3ff80af0
https://docs.python.org/release/3.8.14/whatsnew/changelog.html

lang/python39: Update to 3.9.14
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=266286
https://docs.python.org/release/3.9.14/whatsnew/changelog.html

Everyone appreciates your time and effort keeping Python language ports
up to date, but it's also important that we set a high standard of QA
and completeness. It goes without saying that this is especially the
case for security issues.

Additionally, the Python team has the luxury of having an upstream that
has multiple long-lived minor version branches that only receive
security and bug fixes (with an explicit no feature change policy).
This means that every release after a version x.0 is a bugfix and/or
security update, and should be merged (merge by default).

I'd like to ask (everyone) that all future Python language port updates
at a minimum:

- Have issues created in Bugzilla
- Have at least one other Python team member review/accept before being
  committed, ideally more.
- For maintenance releases (any versions after a *.0), are marked for
  merging by default (merge-quarterly = ?), and merged before being
  considered resolved and closed in Bugzilla.
- For security updates: Have security/vuxml entry patches attached
  alongside version update patches in Bugzilla
--
Regards,
Kubilay
^Python