"Barry Warsaw" <barry python.org> wrote in
message news:2514DA1C-F5A1-4144-9068-006A933C516C python.org...
> -----BEGIN PGP SIGNED MESSAGE-----
> I've offered in the past to dust off my release manager cap and do a
> 2.3.6 release. Having not done one in a long while, the most
> daunting part for me is getting the website updated, since I have
> none of those tools installed.
>
> I'm still willing to do a 2.3.6, though the last time this came up
> the response was too underwhelming to care. I'm not sure this
> advisory is enough to change people's minds about that -- I'm sure
> any affected downstream distro is fully capable of patching and
> re-releasing their own packages. Since this doesn't affect the
> binaries /we/ release, I'm not sure I care enough either.
Perhaps all that is needed from both a practical and public relations
viewpoint is the release of a 2.3.5U4 security patch as a separate file
listed just after 2.3.5 on the source downloads page (if this has not been
done already).
Add a note (or link to a note) to the effect that it should be applied if
one has or is going to compile a wide Unicode build for use in an
environment exposed to untrusted Unicode text.
tjr
_______________________________________________
Python-Dev mailing list
Python-Dev python.org
http://mail.python.org/mailman/listinfo/python-dev