On 2012-04-17 09:06, Jason Tishler wrote:
Yaakov,
On Mon, Apr 16, 2012 at 07:07:43PM -0500, Yaakov (Cygwin/X) wrote:
Security vulnerabilities have been announced in Python (CVE-2011-3389,
CVE-2012-0845, CVE-2012-0876, CVE-2012-1150) and are fixed in 2.6.8.
I will release 2.6.8 as soon as I can.
After that, do you have plans for 2.7 and 3.2?
I guess we can handle the 2.6 to 2.7 transition the same way we handled
the 2.5 to 2.6 one. Should I begin that process after I release 2.6.8?
I think so; a month should be enough, and now is a good time for me as any.
AFAICT, I can release 3.x packages that can be installed along side of
the 2.x ones. If so, then the 3.2 packages can be released without
coordination from the Python module package maintainers. Am I correct?
Mostly. I have 26 packages in Ports which use python3 that I want to
update for 3.2 first; it should only take me a day or two to do that.
Perhaps we should do that first, then start working on the 2.6->2.7 bump.