> On Mon, 28.07.2008 at 17:24:01 -0700, Peter Valchev <[EMAIL PROTECTED]> wrote:
> > We are in release mode, with 4.4 just around the corner. This means
> > that from now, no more commits to ports unless they are VERY urgent -
> > such as fixing a broken dependency, high impact security issue, etc,
>
> I'd like to point at some problems in Python 2.5.2, which I became
> aware of just two days ago:
>
> CVE-2007-2052 CVE-2007-4965 CVE-2008-1679 CVE-2008-1721 CVE-2008-1887
>
> The latter two are claimed to result in the execution of arbitrary
> code.
Yes, and sometimes tough love is required.
Perhaps whoever the maintainer is will merge this in time.
Perhaps not.
Let me pose a question:
Would you rather have a good release that has good quality
integration between packages
or
One that has the latest python?
You can't always have both.
