The default Make flags differ from platform to platform (and compiler
to compiler, IIRC) as well. Thanks for this overview of RHEL/Fedora
Python build security flags.
( Containers are the easiest way to get per- python interpreter
SELinux contexts ( in order to limit the impact of exploitation of
Mike Miller writes:
> Sounds like automating until it is "just a push of a button,"
> should be a goal. According to Victor there has been progress, but
> always room for more.
When XEmacs was releasing betas regularly, everything from tagging the
local authoritative repo to pushing to the pub
On Thu, 2021-02-11 at 23:24 -0500, Terry Reedy wrote:
> ... Releases are not just a push of a button.
On 2021-02-19 15:05, Stestagg wrote:
> > The thing that stood out from this conversation, for me, is: Releases
> > are too hard, and there’s a risk of not having enough volunteers as a
Looking at the other replies, I'm wondering if you fully understand python's
variant of version numbering.
I suggest we change the announcement template from:
"Python 3.9.2 is the newest major release of the Python programming language,
and it contains many new features and optimizations."
On 2/19/21 11:55 PM, Steve Holden wrote:
The PSF needs needs sufficient money to hire a couple of people, so the
PSF can turn release management and security maintenance from unpaid
volunteers into paid fulltime jobs.
Oh, is that all? Sustainability of the PSF, as has been shown ov
On Thu, Feb 11, 2021 at 9:44 PM Michał Górny wrote:
> I feel that vulnerability fixes do not make it to end users fast enough.
I think that it's time to put that into perspective with past vulnerabilities.
Ok, let me look at the timeline of the discussed vulnerability, ctypes
CVE-2021-3177:
http
On Fri, 2021-02-19 at 17:03 -0500, Terry Reedy wrote:
> On 2/19/2021 5:11 AM, Michał Górny wrote:
> > On Thu, 2021-02-11 at 23:24 -0500, Terry Reedy wrote:
>
> > > Releases are not just a push of a button. Make the release
> > > job too onerous, and there might not be any more volunteers.
> >
>
On Fri, Feb 19, 2021 at 10:53 PM Christian Heimes
wrote:
> On 19/02/2021 23.22, Stestagg wrote:
> > The thing that stood out from this conversation, for me, is: Releases
> > are too hard, and there’s a risk of not having enough volunteers as a
> > result.
> >
> > How hard is it to fix that?
>
> A
On Fri, Feb 19, 2021 at 3:10 PM Stestagg wrote:
>
>
> On Fri, 19 Feb 2021 at 22:50, Christian Heimes
> wrote:
>
>> On 19/02/2021 23.22, Stestagg wrote:
>> > The thing that stood out from this conversation, for me, is: Releases
>> > are too hard, and there’s a risk of not having enough volunteers
On Fri, 19 Feb 2021 at 22:50, Christian Heimes wrote:
> On 19/02/2021 23.22, Stestagg wrote:
> > The thing that stood out from this conversation, for me, is: Releases
> > are too hard, and there’s a risk of not having enough volunteers as a
> > result.
> >
> > How hard is it to fix that?
>
> Actu
On 19/02/2021 23.22, Stestagg wrote:
> The thing that stood out from this conversation, for me, is: Releases
> are too hard, and there’s a risk of not having enough volunteers as a
> result.
>
> How hard is it to fix that?
Actually it's easy to fix!
The PSF needs needs sufficient money to hire
The thing that stood out from this conversation, for me, is: Releases are
too hard, and there’s a risk of not having enough volunteers as a result.
How hard is it to fix that?
Steve
On Fri, 19 Feb 2021 at 22:05, Terry Reedy wrote:
> On 2/19/2021 5:11 AM, Michał Górny wrote:
> > On Thu, 2021-02
On 2/19/2021 5:11 AM, Michał Górny wrote:
On Thu, 2021-02-11 at 23:24 -0500, Terry Reedy wrote:
Releases are not just a push of a button. Make the release
job too onerous, and there might not be any more volunteers.
While I understand your concerns and sympathize with them,
Your accusatio
On Fri, Feb 19, 2021 at 2:16 AM Michał Górny wrote:
> On Thu, 2021-02-11 at 23:24 -0500, Terry Reedy wrote:
> > On 2/11/2021 3:23 PM, Michał Górny wrote:
> > > Hello,
> > >
> > > I'm the primary maintainer of CPython packages in Gentoo. I would like
> > > to discuss possible improvement to the re
On Thu, 2021-02-11 at 23:24 -0500, Terry Reedy wrote:
> On 2/11/2021 3:23 PM, Michał Górny wrote:
> > Hello,
> >
> > I'm the primary maintainer of CPython packages in Gentoo. I would like
> > to discuss possible improvement to the release process in order to
> > accelerate releasing security fixes
On Tue, 2021-02-16 at 00:53 +0100, Victor Stinner wrote:
> Hi Michał,
>
> I created https://python-security.readthedocs.io/ website to track
> known Python vulnerabilities to help me checking if fixes are
> backported to all supported Python branches. I'm maintaing this list
> manually, it's far f
Hi Michał,
I created https://python-security.readthedocs.io/ website to track
known Python vulnerabilities to help me checking if fixes are
backported to all supported Python branches. I'm maintaing this list
manually, it's far from being complete, and likely outdated.
I also created https://gith
On Thu, Feb 11, 2021 at 8:29 PM Terry Reedy wrote:
> On 2/11/2021 3:23 PM, Michał Górny wrote:
> > Hello,
> >
> > I'm the primary maintainer of CPython packages in Gentoo. I would like
> > to discuss possible improvement to the release process in order to
> > accelerate releasing security fixes t
On 2/11/2021 3:23 PM, Michał Górny wrote:
Hello,
I'm the primary maintainer of CPython packages in Gentoo. I would like
to discuss possible improvement to the release process in order to
accelerate releasing security fixes to users.
I feel that vulnerability fixes do not make it to end users fa
19 matches
Mail list logo