I understand both the importance of stability and the need for a security 
audit at some point.  (I do wish we had the funds or I had the time to 
help move it forward, but I don't.)  I also understand the need for a 
consistent framework for reporting and resolving bugs.  It is reasonable 
to expect that all bugs be reported against the same framework to 
eliminate one significant possible variable.

What does concern me is the way in which the recommendation to use (at the 
moment) Python 2.3.5 is explained.

I may be willing to accept the risks of using a system which has not yet 
been audited in terms of security, but I want to know if there are any 
reported instabilities or incompatibilities which have been identified 
when, say, Python 2.4.X is used.

I'd rather people say that the standard reference platform against which
all bugs should be reported uses 2.3.5, and that use of other, later
versions of Python is at your own risk.  When using another Python that is
known to cause problems, it would make sense to identify the problem so
that users can make an informed decision.  There are times when there are
Python version related problems and these need to be identified and
publicized.  We certainly collect the incompatilities (if there are any)
so they can be fixed as eventually the code base will move to later python


On Sun, 16 Oct 2005, Andreas Jung wrote:

> --On 16. Oktober 2005 11:54:18 -0700 Dennis Allison 
> <[EMAIL PROTECTED]> wrote:
> >
> > IMHO it would be wise to track the releases of Python a bit more closely.
> Software components choosen for a framework have to be solid and approved.
> There is no reason to  run after every new python version or whatever. 
> Stability and performance is somewhat more important than hunting for new 
> language features.. Some features of Python 2.4 are nice2have but we can 
> perfectly live with Python 2.3.5. If you want Python 2.4, use it (at your 
> own risk).
> As we already explained a bunch of times (sorry, this issue is bothering
> the more people ask about the same issue), a security audit has not happened
> yet. Why not? Because it takes time to do such an audit and the persons
> that can do such an audit likely had not time so far. So things are as they 
> are and will change as they change. If you have the skills, resources
> and perhaps some money to fund the audit then raise your hand. Otherwise we 
> have to wait until it will happen.
> -aj


Zope maillist  -
**   No cross posts or HTML encoding!  **
(Related lists - )

Reply via email to