Showing content from https://mail.python.org/pipermail/python-dev/2006-October/069329.html below:

[Python-Dev] 2.3.6 for the unicode buffer overrun

Nick Craig-Wood nick at craig-wood.com
Thu Oct 12 13:35:31 CEST 2006
On Thu, Oct 12, 2006 at 06:08:46PM +1000, Anthony Baxter wrote:
> I've had a couple of queries about whether PSF-2006-001 merits a 2.3.6. 
> Personally, I lean towards "no" - 2.4 was nearly two years ago now. But I'm 
> open to other opinions - I guess people see the phrase "buffer overrun" and 
> they get scared.

As a data point: python 2.3 is the shipped version of python in
the current stable Debian release (sarge).  It is also vulnerable by
default (sys.maxunicode == 1114111).

I'm sure the Debian maintainers are capable of picking up the patch
and sending out a security update themselves, but by releasing a fixed
2.3 you'll send a stronger message to all the distributions hopefully!

> Plus once 2.4.4 final is out next week, I'll have cut 12 releases
> since March. Assuming a 2.5.1 before March (very likely) that'll be
> 14 releases in 12 months. 16 releases in 12 months would just about
> make me go crazy.

I sympathise!  I do releases for my current workplace and it is
time-consuming and exacting work.
-- 
Nick Craig-Wood <nick at craig-wood.com> -- http://www.craig-wood.com/nick