Re: [Python-Dev] 2.3.5 and 2.4.1 release plans
On 2005 Feb 05, at 07:43, Anthony Baxter wrote: Ok, so here's the state of play: 2.3.5 is currently aimed for next Tuesday, but there's an outstanding issue - the new copy code appears to have broken something, see www.python.org/sf/1114776 for the gory details. I'm completely out of time this weekend to look into it too closely - if someone has 1/2 an hour and wants to do some triage on the bug, I'd appreciate it, a great deal. Done: the issue is easy to fix but not to reproduce, and I'd like to reproduce it so as to fix the unit tests, which currently don't catch the problem. The problem boils down to: deepcopying an instance of a type that doesn't have an __mro__ (and is not one of the many types explicitly recorded in the _deepcopy_dispatch dictionary, such as types.ClassType, types.InstanceType, etc, etc). The easy fix: instead of cls.__mro__ use inspect.getmro which deals with that specifically. Before I commit the fix: can anybody help out with an example of a type anywhere in the standard library that should be deepcopyable, used to be deepcopyable in 2.3.4, isn't one of those which get explicitly recorded in copy._deepcopy_dispatch, AND doesn't have an __mro__? Even the _testcapi.Copyable type magically grows an __mro__; I'm not sure how to MAKE a type w/o one... Thanks, Alex ___ Python-Dev mailing list [email protected] http://mail.python.org/mailman/listinfo/python-dev Unsubscribe: http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
Re: [Python-Dev] Re: [Python-checkins] python/dist/src/Python future.c, 2.14, 2.15
On Sat, 5 Feb 2005 02:31:26 -0500, Raymond Hettinger <[EMAIL PROTECTED]> wrote: > [Anthony] > > While this is undoubtedly a bug fix, I'm not sure that it should be > > backported - it will break people's code that is "working" now (albeit > > in a faulty way). What do people think? > > I concur -- the balance of risks is towards the patch causing more harm > than good. I would not backport it to Python 2.3. People have been using it for a long time. I'd be inclined to backport it to Python 2.4, which is still relatively new. If someone has buggy code, an upgrade is going to cause a problem for them at some point. Given how unlikely the risk is -- particularly given that division is the only useful future now -- I'd say the risk is acceptable for Python 2.4.1. (Unlike, say, Python 2.4.2.) Jeremy ___ Python-Dev mailing list [email protected] http://mail.python.org/mailman/listinfo/python-dev Unsubscribe: http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
Re: [Python-Dev] Re: [Python-checkins] python/dist/src/Python future.c, 2.14, 2.15
On 2005 Feb 05, at 16:49, Jeremy Hylton wrote: On Sat, 5 Feb 2005 02:31:26 -0500, Raymond Hettinger <[EMAIL PROTECTED]> wrote: [Anthony] While this is undoubtedly a bug fix, I'm not sure that it should be backported - it will break people's code that is "working" now (albeit in a faulty way). What do people think? I concur -- the balance of risks is towards the patch causing more harm than good. I would not backport it to Python 2.3. People have been using it for a long time. I'd be inclined to backport it to Python 2.4, which is still relatively new. If someone has buggy code, an upgrade is going to cause a problem for them at some point. Given how unlikely the risk is -- particularly given that division is the only useful future now -- I'd say the risk is acceptable for Python 2.4.1. (Unlike, say, Python 2.4.2.) +1 on having the fix in 2.4.1 but not in 2.3.5 -- exactly for the reasons Jeremy is giving. Alex ___ Python-Dev mailing list [email protected] http://mail.python.org/mailman/listinfo/python-dev Unsubscribe: http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
Re: [Python-Dev] Wanted: members for Python Security Response Team
> How will Python releases made in response to security bugs be done: will > they just include the security fix (rather than being taken from CVS > HEAD), without the usual alpha / beta testing cycle? Or what...? Depends where you get the release. *Vendors* (ActiveState, Red Hat, Ubuntu, Debian, etc.) typically release a new version that has *just* the fix; they have the infrastructure in place to do this sort of thing quickly and to let their customers benefit quickly. On python.org, however, we tend to take the maintenance branch for a particular version (e.g. 2.3.x or 2.4.x), add the fix, and accellerate the release. For example, we'll release 2.3.5 next week, and 2.4.1 probably some time this month. (In addition, of course, we publish the raw patch; also, we might end up making exceptions and/or start following the vendors' example in some or all cases). -- --Guido van Rossum (home page: http://www.python.org/~guido/) ___ Python-Dev mailing list [email protected] http://mail.python.org/mailman/listinfo/python-dev Unsubscribe: http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
Re: [Python-Dev] Wanted: members for Python Security Response Team
>> How will Python releases made in response to security bugs be done: >> will they just include the security fix (rather than being taken from >> CVS HEAD), without the usual alpha / beta testing cycle? Or what...? Guido> On python.org, however, we tend to take the maintenance branch Guido> for a particular version (e.g. 2.3.x or 2.4.x), add the fix, and Guido> accellerate the release. Would it be possible to release a 2.3.4a that has just the fix over and above the released version? In this case it turns out that the fix nearly coincided with the release of 2.3.5 and 2.4.1. Would you do an accelerated release if this had come up right after they were released? Skip ___ Python-Dev mailing list [email protected] http://mail.python.org/mailman/listinfo/python-dev Unsubscribe: http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
RE: [Python-Dev] Wanted: members for Python Security Response Team
> Would it be possible to release a 2.3.4a that has just the fix over and > above the released version? In this case it turns out that the fix nearly > coincided with the release of 2.3.5 and 2.4.1. Would you do an > accelerated > release if this had come up right after they were released? Just go to 2.3.6. No need to add a further complication to the numbering scheme. Raymond ___ Python-Dev mailing list [email protected] http://mail.python.org/mailman/listinfo/python-dev Unsubscribe: http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
[Python-Dev] Re: Wanted: members for Python Security Response Team
"Raymond Hettinger" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] >> Would it be possible to release a 2.3.4a that has just the fix over > and >> above the released version? In this case it turns out that the fix > nearly >> coincided with the release of 2.3.5 and 2.4.1. Would you do an >> accelerated >> release if this had come up right after they were released? > Just go to 2.3.6. No need to add a further complication to the > numbering scheme. As I remember, 2.3.1 was precedent for this -- a quick fix-one-critical-item release about a week after 2.3. Perhaps Python.org should have a release-announcement-only mailing list for people who would not get the news any other way. And/or perhaps final release announcements and security warnings could be made on the various Python-application mail lists if not so done already. Terry J. Reedy ___ Python-Dev mailing list [email protected] http://mail.python.org/mailman/listinfo/python-dev Unsubscribe: http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
Re: [Python-Dev] Re: Wanted: members for Python Security Response Team
Terry Reedy wrote: Perhaps Python.org should have a release-announcement-only mailing list for people who would not get the news any other way. And/or perhaps final release announcements and security warnings could be made on the various Python-application mail lists if not so done already. Alternately, could some topics be set up on the existing lists? (ala the new PEP topic for the checkins list). Regards, Nick. -- Nick Coghlan | [EMAIL PROTECTED] | Brisbane, Australia --- http://boredomandlaziness.skystorm.net ___ Python-Dev mailing list [email protected] http://mail.python.org/mailman/listinfo/python-dev Unsubscribe: http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
