> On Mon, 28.07.2008 at 17:24:01 -0700, Peter Valchev <[EMAIL PROTECTED]> wrote: > > We are in release mode, with 4.4 just around the corner. This means > > that from now, no more commits to ports unless they are VERY urgent - > > such as fixing a broken dependency, high impact security issue, etc, > > I'd like to point at some problems in Python 2.5.2, which I became > aware of just two days ago: > > CVE-2007-2052 CVE-2007-4965 CVE-2008-1679 CVE-2008-1721 CVE-2008-1887 > > The latter two are claimed to result in the execution of arbitrary > code.
Yes, and sometimes tough love is required. Perhaps whoever the maintainer is will merge this in time. Perhaps not. Let me pose a question: Would you rather have a good release that has good quality integration between packages or One that has the latest python? You can't always have both.