On Thu, Dec 21, 2006 at 02:21:40PM -0800, Thomas Bushnell BSG wrote:
> On Wed, 2006-12-20 at 19:51 -0800, Steve Langasek wrote:
> > On Tue, Dec 19, 2006 at 11:17:03AM -0800, Thomas Bushnell BSG wrote:
> > > The python team has apparently decreed that python 2.3 will not be in
> > > etch. This forces every package to use the new version. Surely it is
> > > too late in the release cycle to be risking regressions in this way?

> > The python team has expressed concern about the security supportability of
> > python2.3 in etch. Extension packages built with the current version of
> > python-all-dev and friends already have no support for python2.3; shipping
> > python2.3 in stable for the benefit of a handful of reverse dependencies is
> > a genuine concern, particularly when those reverse-deps work just fine with
> > python 2.4.

> And yet, this isn't the only case. Users actually use the programs in
> Debian, not just other parts of Debian. Why is python 2.3 some sort of
> security nightmare? And what suddenly happened to make it one?

$ du -sh p/python2.3/python2.3_2.3.5.orig.tar.gz
8.2M p/python2.3/python2.3_2.3.5.orig.tar.gz
$

That much code is always a security nightmare, it just now happens to be one
that we can feasibly get rid of. :)

> What about users who are depending on Python 2.3? Do they just lose?

Users who depend on obsolete software always lose when the bar moves. I
don't find that a compelling reason to keep python2.3 around for another
release cycle, when it's going to be dropped later anyway.

--
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
[EMAIL PROTECTED]                                   http://www.debian.org/