On Thu, 30 Jul 2015 00:11:53 +0200, Jesus Cea <j...@jcea.es> wrote:
> On 29/07/15 18:50, Guido van Rossum wrote:
> > I believe that in this particular case, the bug was fixed (by tightening
> > the requirements for headers) because the bug can lead to security
> > vulnerabilities. I think you can find more by Googling for keywords like
> > "http header injection". The more recent Python 2.7 bugfix releases have
> > specific exemptions from the backwards compatibility requirements for
> > security fixes -- because their lifespan will still be many years (EOL
> > of 2.7 is summer 2020).
> 
> That argument is valuable but it fails when considering that this fix
> will be present in 3.4.4 too, with a normal EOL. I am OK with that,
> though. As I said, I sent my first message for policy verification and
> to raise awareness.

No, the security bug fix conditional exception applies to all
maintenance releases.  The big (PEP required) exception for 2.7 was that
the *API* changed in 2.7 in certain ways.

--David
_______________________________________________
python-committers mailing list
python-committers@python.org
https://mail.python.org/mailman/listinfo/python-committers
