"Barry Warsaw" <barry at python.org> wrote in message news:2514DA1C-F5A1-4144-9068-006A933C516C at python.org... > -----BEGIN PGP SIGNED MESSAGE----- > I've offered in the past to dust off my release manager cap and do a > 2.3.6 release. Having not done one in a long while, the most > daunting part for me is getting the website updated, since I have > none of those tools installed. > > I'm still willing to do a 2.3.6, though the last time this came up > the response was too underwhelming to care. I'm not sure this > advisory is enough to change people's minds about that -- I'm sure > any affected downstream distro is fully capable of patching and re- > releasing their own packages. Since this doesn't affect the > binaries /we/ release, I'm not sure I care enough either. Perhaps all that is needed from both a practical and public relations viewpoint is the release of a 2.3.5U4 security patch as a separate file listed just after 2.3.5 on the source downloads page (if this has not been done already). Add a note (or link to a note) to the effect that it should be applied if one has or is going to compile a wide Unicode build for use in an environment exposed to untrusted Unicode text. tjr
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4