"Barry Warsaw" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > -----BEGIN PGP SIGNED MESSAGE----- > I've offered in the past to dust off my release manager cap and do a > 2.3.6 release. Having not done one in a long while, the most > daunting part for me is getting the website updated, since I have > none of those tools installed. > > I'm still willing to do a 2.3.6, though the last time this came up > the response was too underwhelming to care. I'm not sure this > advisory is enough to change people's minds about that -- I'm sure > any affected downstream distro is fully capable of patching and re- > releasing their own packages. Since this doesn't affect the > binaries /we/ release, I'm not sure I care enough either.
Perhaps all that is needed from both a practical and public relations viewpoint is the release of a 2.3.5U4 security patch as a separate file listed just after 2.3.5 on the source downloads page (if this has not been done already). Add a note (or link to a note) to the effect that it should be applied if one has or is going to compile a wide Unicode build for use in an environment exposed to untrusted Unicode text. tjr _______________________________________________ Python-Dev mailing list Python-Dev@python.org http://mail.python.org/mailman/listinfo/python-dev Unsubscribe: http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com