Hi Christian, On 03/26/2015 05:11 PM, Christian Hammond wrote: > I know you guys are still sorting out how you want to run this, but I > wanted to let you know that, given our current dependence on Python 2.6, > I'm willing to do what's needed to maintain security backports for > either an official or unofficial fork. > > I'd love to know some further thoughts on the logistics for this. Things > like how versioning would work, what you'd need from me, what kind of > timeframes we'd have to work with, any legalese needed to be notified of > security issues, etc.
Tim pointed you to the details for requesting security pre-notification. We pre-notify a week in advance, so that's the timeframe you'd have available to get a patch (or patches) prepped to apply to your fork. Obviously we'd expect that you wouldn't push any patches to a public fork until the embargo ends with our release announcement; you could manage that by simply staging patches on a local machine, or by coordinating patches during the embargo in a private GitHub repo. Carl -- You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-developers+unsubscr...@googlegroups.com. To post to this group, send email to django-developers@googlegroups.com. Visit this group at http://groups.google.com/group/django-developers. To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/5515850C.2090307%40oddbird.net. For more options, visit https://groups.google.com/d/optout.
signature.asc
Description: OpenPGP digital signature
