[Python-Dev] Security releases of CPython
gher level of maintenance than security, it could make sense to actually make security releases (e.g. 3.9.1.x) that would include only security fixes without other changes. What do you think? -- Best regards, Michał Górny ___ Python-Dev mailing list --
[Python-Dev] Re: Security releases of CPython
t; known vulnerabilities or not. Thank you. > On Thu, Feb 11, 2021 at 9:44 PM Michał Górny wrote: > > I feel that vulnerability fixes do not make it to end users fast enough. > > For example, according to the current release schedules for 3.9 and 3.8, > > the bugfix releases ar
[Python-Dev] Re: Security releases of CPython
On Thu, 2021年02月11日 at 23:24 -0500, Terry Reedy wrote: > On 2/11/2021 3:23 PM, Michał Górny wrote: > > Hello, > > > > I'm the primary maintainer of CPython packages in Gentoo. I would like > > to discuss possible improvement to the release process in order to &
[Python-Dev] Re: Security releases of CPython
On Fri, 2021年02月19日 at 17:03 -0500, Terry Reedy wrote: > On 2/19/2021 5:11 AM, Michał Górny wrote: > > On Thu, 2021年02月11日 at 23:24 -0500, Terry Reedy wrote: > > > > Releases are not just a push of a button. Make the release > > > job too onerous, and there mi
[Python-Dev] Re: Move support of legacy platforms/architectures outside Python
e not supported. Does that imply accepting non-intrusive patches for platform support, or at least not proactively removing it? -- Best regards, Michał Górny ___ Python-Dev mailing list -- [email protected] To unsubscribe send an email to python-dev-
[Python-Dev] Re: Move support of legacy platforms/architectures outside Python
ms > fails unless users explicitly opt-in. > > The checker serves two purposes: > > 1) It gives users an opportunity to provide full PEP 11 support > (buildbot, engineering time) for a platform. Does that mean that if someone offers to run the build bot for a minor
[Python-Dev] Re: Move support of legacy platforms/architectures outside Python
x27;t ask others to maintain their code. There's no real maintenance burden involved. In fact, this whole thread feels like removing 80%-complete translations from a program because they 'burden developers' and confuse users. Even if the translations are not actively updated and degene
[Python-Dev] Re: Move support of legacy platforms/architectures outside Python
ur comment seems to imply) but because the assert is wrong and because the code turned out to be slower. That said, I wonder if this 'optimized' path has been actually benchmarked on other supported platforms. -- Best regards, Michał Górny __
[Python-Dev] Re: Move support of legacy platforms/architectures outside Python
On Mon, 2021年02月22日 at 19:54 +, Barry Scott wrote: > > > On 22 Feb 2021, at 12:40, Michał Górny wrote: > > > > > I'm talking about 16-bit memory alignment which causes SIGBUS if it's > > > not respected on m68k. > > > > > > >
[Python-Dev] Re: Move support of legacy platforms/architectures outside Python
use the x86 optimization hack is actually slower on m68k. I suspect that if more benchmarking was made, it might turn out that #ifdef should actually disable it on more platforms. -- Best regards, Michał Górny ___ Python-Dev mailing list --
[Python-Dev] Re: Have virtual environments led to neglect of the actual environment?
r to prevent conflicts. If pip installs a different version of the same package as the package manager, which one is supposed to be used? Whichever choice you make, you'll bound to eventually break dependency graph of some package. -- Best regards, Michał Górny __
[Python-Dev] Re: pth file encoding
of knowing the correct encoding for the filesystem. -- Best regards, Michał Górny ___ Python-Dev mailing list -- [email protected] To unsubscribe send an email to [email protected] https://mail.python.org/mailman3/lists/python-dev.pytho
[Python-Dev] Re: NOTE: Python 3.9.3 contains an unintentional ABI incompatibility leading to crashes on 32-bit systems
n't like the idea of combining security fixes with irrelevant changes. Good that I've chosen to backport the secfixes instead of pushing the new version to Gentoo stable. -- Best regards, Michał Górny ___ Python-Dev mailing list -- python-dev
[Python-Dev] Re: NOTE: Python 3.9.3 contains an unintentional ABI incompatibility leading to crashes on 32-bit systems
On Mon, 2021年04月05日 at 11:17 -0700, Ethan Furman wrote: > On 4/4/21 7:10 AM, Michał Górny wrote: > > > This is precisely what I meant when I said I don't like the idea of > > combining security fixes with irrelevant changes. Good that I've chosen > > to backpo
[Python-Dev] Re: gzip.py: allow deterministic compression (without time stamp)
r a > new constant NO_TIMESTAMP. > > So this is primarily a documentation problem [2]. For this, I will create a > pull request to gzip.py. I think having an extra constant (equal to 0) wouldn't hurt and could make the code a bit more explicit. --
[Python-Dev] Python release timeline plot
period for 2.5 not to overstretch it to the left. If you see any mistakes, please let me know. -- Best regards, Michał Górny ___ Python-Dev mailing list -- [email protected] To unsubscribe send an email to [email protected] https://mail.
[Python-Dev] Re: name for new Enum decorator
liased values that can be used when the > programmer thinks it's appropriate... but > I have no idea what to call it. > > Any nominations? > Maybe something like the following would be a good starting point: @bitmask_require_individual_bits -- Best regards, Michał G
[Python-Dev] Re: Tool to search in the source code of PyPI top 5000 projects
ld versions, you are quite likely to miss impact on projects that are using the deprecated API in old versions that are still used because of their reverse dependencies. -- Best regards, Michał Górny ___ Python-Dev mailing list -- [email protected] To un
[Python-Dev] Re: [RELEASE] Python 3.10.3, 3.9.11, 3.8.13, and 3.7.13 are now available with security content
uming signed data in 'Python-3.9.11.tar.xz' gpg: Signature made wto, 15 mar 2022, 22:17:14 CET gpg:using RSA key E3FF2839C048B25C084DEBE9B26995E310250568 gpg: BAD signature from "Łukasz Langa (GPG langa.pl) " [unknown] -- Best regards, Michał Górny _
[Python-Dev] Re: [RELEASE] Python 3.10.3, 3.9.11, 3.8.13, and 3.7.13 are now available with security content
On Wed, 2022年03月16日 at 13:19 -0400, Ned Deily wrote: > On Mar 16, 2022, at 12:53, Michał Górny wrote: > > The 3.9 .tar.xz doesn't seem to pass signature verification: > > > > $ gpg --verify Python-3.9.11.tar.xz.asc > > gpg: assuming signed data in 'Python-3
[Python-Dev] Re: Migration plan for the distutils removal in Python 3.12
27;s perspective, there should be no major problem with removing distutils from stdlib in Python 3.12. Admittedly, distributions are in the more convenient position here since we can easily patch packages should we find any breakage, while users of pypi are ge
[Python-Dev] Re: problem with abandonned lib pyliblo
mon way forward. Having some packages depend on now-reclaimed "pyliblo" and "pyliblo3" fork would be the worst possible outcome. -- Best regards, Michał Górny ___ Python-Dev mailing list -- [email protected] To unsubscribe sen