[python-committers] Planning a hotfix Python 3.8.5
Hey team, there are 3 security-related fixes in the 3.8 branch post 3.8.4, one with a CVE, another with a pending CVE if I understood Steve correctly. I'd like to release a hotfix 3.8.5 on Monday. Since this is a special security-focused release, it will be essentially 3.8.4 + those three changes cherry-picked. That gives us enough confidence about the release that we can skip a release candidate for it. If you have any other security-related changes you think belong in 3.8, please merge them before Monday 8am CEST. Cheers, Ł ___ python-committers mailing list -- [email protected] To unsubscribe send an email to [email protected] https://mail.python.org/mailman3/lists/python-committers.python.org/ Message archived at https://mail.python.org/archives/list/[email protected]/message/YFSIH37DA3LQFIENE6MBNSGKJJ62EXEP/ Code of Conduct: https://www.python.org/psf/codeofconduct/
[python-committers] Re: Planning a hotfix Python 3.8.5
On 7/16/20 7:36 PM, Łukasz Langa wrote: > Hey team, > there are 3 security-related fixes in the 3.8 branch post 3.8.4, one with a > CVE, another with a pending CVE if I understood Steve correctly. I'd like to > release a hotfix 3.8.5 on Monday. > > Since this is a special security-focused release, it will be essentially > 3.8.4 + those three changes cherry-picked. That gives us enough confidence > about the release that we can skip a release candidate for it. > > If you have any other security-related changes you think belong in 3.8, > please merge them before Monday 8am CEST. what about https://bugs.python.org/issue41295 ? This is marked as a regression compared to 3.8.3. Matthias ___ python-committers mailing list -- [email protected] To unsubscribe send an email to [email protected] https://mail.python.org/mailman3/lists/python-committers.python.org/ Message archived at https://mail.python.org/archives/list/[email protected]/message/OANDHUTOUCWMVMA52O4LOPPGK7GG2TOL/ Code of Conduct: https://www.python.org/psf/codeofconduct/
[python-committers] Re: Planning a hotfix Python 3.8.5
Good call, Matthias. We will include it as long as it's merged before Monday 8am CEST. - Ł > On 16 Jul 2020, at 20:00, Matthias Klose wrote: > > On 7/16/20 7:36 PM, Łukasz Langa wrote: >> Hey team, >> there are 3 security-related fixes in the 3.8 branch post 3.8.4, one with a >> CVE, another with a pending CVE if I understood Steve correctly. I'd like to >> release a hotfix 3.8.5 on Monday. >> >> Since this is a special security-focused release, it will be essentially >> 3.8.4 + those three changes cherry-picked. That gives us enough confidence >> about the release that we can skip a release candidate for it. >> >> If you have any other security-related changes you think belong in 3.8, >> please merge them before Monday 8am CEST. > > what about https://bugs.python.org/issue41295 ? > > This is marked as a regression compared to 3.8.3. > > Matthias ___ python-committers mailing list -- [email protected] To unsubscribe send an email to [email protected] https://mail.python.org/mailman3/lists/python-committers.python.org/ Message archived at https://mail.python.org/archives/list/[email protected]/message/62YEVIS7DNAC2H2MUWAOBPFMJIOJCUYD/ Code of Conduct: https://www.python.org/psf/codeofconduct/
[python-committers] Re: Planning a hotfix Python 3.8.5
On 7/16/20 8:47 PM, Łukasz Langa wrote: > Good call, Matthias. We will include it as long as it's merged before Monday > 8am CEST. what exactly include? Or just revert https://github.com/python/cpython/commit/8912c182455de83e27d5c120639ec91b18247913 on the 3.8 branch? > > - Ł > > > >> On 16 Jul 2020, at 20:00, Matthias Klose wrote: >> >> On 7/16/20 7:36 PM, Łukasz Langa wrote: >>> Hey team, >>> there are 3 security-related fixes in the 3.8 branch post 3.8.4, one with a >>> CVE, another with a pending CVE if I understood Steve correctly. I'd like >>> to release a hotfix 3.8.5 on Monday. >>> >>> Since this is a special security-focused release, it will be essentially >>> 3.8.4 + those three changes cherry-picked. That gives us enough confidence >>> about the release that we can skip a release candidate for it. >>> >>> If you have any other security-related changes you think belong in 3.8, >>> please merge them before Monday 8am CEST. >> >> what about https://bugs.python.org/issue41295 ? >> >> This is marked as a regression compared to 3.8.3. >> >> Matthias > ___ python-committers mailing list -- [email protected] To unsubscribe send an email to [email protected] https://mail.python.org/mailman3/lists/python-committers.python.org/ Message archived at https://mail.python.org/archives/list/[email protected]/message/RNF2QSPV72BVL2ITNJB66KTN5NRWPSNE/ Code of Conduct: https://www.python.org/psf/codeofconduct/
[python-committers] Re: Planning a hotfix Python 3.8.5
On 7/16/2020 1:36 PM, Łukasz Langa wrote: there are 3 security-related fixes in the 3.8 branch post 3.8.4, one with a CVE, another with a pending CVE if I understood Steve correctly. I'd like to release a hotfix 3.8.5 on Monday. Since this is a special security-focused release, it will be essentially 3.8.4 + those three changes cherry-picked. That gives us enough confidence about the release that we can skip a release candidate for it. If you have any other security-related changes you think belong in 3.8, please merge them before Monday 8am CEST. Please include the much needed one line addition of 'import io' to idlelib.iomenu. See https://bugs.python.org/issue41300 https://github.com/python/cpython/pull/21512 (Testing and backporting and testing in progress.) Its omission from a patch backported July 1 prevents saving files with non-ascii chars in comments and string literals. Terry Jan Reedy ___ python-committers mailing list -- [email protected] To unsubscribe send an email to [email protected] https://mail.python.org/mailman3/lists/python-committers.python.org/ Message archived at https://mail.python.org/archives/list/[email protected]/message/G6CKW4XJZVFYNAX6O2MADBG5Q3E45MS7/ Code of Conduct: https://www.python.org/psf/codeofconduct/
