Re: [Python-Dev] PEP 382: Namespace Packages
Martin v. Löwis schrieb: > I propose the following PEP for inclusion to Python 3.1. > Please comment. > > Regards, > Martin > > Abstract > > > Namespace packages are a mechanism for splitting a single Python > package across multiple directories on disk. In current Python > versions, an algorithm to compute the packages __path__ must be > formulated. With the enhancement proposed here, the import machinery > itself will construct the list of directories that make up the > package. +1 speaking as a downstream packaging python for Debian/Ubuntu I welcome this approach. The current practice of shipping the very same file (__init__.py) in different packages leads to conflicts for the installation of these packages (this is not specific to dpkg, but is true for rpm packaging as well). Current practice of packaging (for downstreams) so called "name space packages" is: - either to split out the namespace __init__.py into a separate (linux distribution) package (needing manual packaging effort for each name space package) - using downstream specific packaging techniques to handle conflicting files (diversions) - replicating the current behaviour of setuptools simply overwriting the file conflicts. Following this proposal (downstream) packaging of namespace packages is made possible independent of any manual downstream packaging decisions or any downstream specific packaging decisions. Matthias -- http://mail.python.org/mailman/listinfo/python-list
Re: [Python-Dev] Python 2.5.3: call for patches
Martin v. Löwis schrieb: >> I would like to apply fixes for some CVE's which are addressed in 2.5 but not >> yet in 2.4. this would include >> >> CVE-2007-4965 >> CVE-2008-1679 >> CVE-2008-1721 >> CVE-2008-2315 >> CVE-2008-3144 >> CVE-2008-1887 >> CVE-2008-4864 > > Can you identify the revisions that would need backporting? > > I could only find (trunk revisions) > CVE-2007-4965: r65880 > CVE-2008-1721: r62235, issue2586 > CVE-2008-3144: issue2588, issue2589, r63734, r63728. > CVE-2008-1887: issue2587, r62261, r62271 > CVE-2008-4864: r66689 > > So what about > > CVE-2008-1679: claimed to be issue1179 in the CVE, but > that says it fixes CVE-2007-4965 only? the original fix for CVE-2007-4965 did miss two chunks, which are included in r65878 on the 2.5 branch. > CVE-2008-2315 this is r65334 on the 2.5 branch and r65335 on the trunk: Security patches from Apple: prevent int overflow when allocating memory this was already checked in, with an added NEWS item in 2.4.5. Moved this to 2.4.6. > In principle, this is fine with me, so go ahead. Done. -- http://mail.python.org/mailman/listinfo/python-list
Re: [Python-Dev] Python 2.5.3: call for patches
Martin v. Löwis schrieb: > Within a few weeks, we will release Python 2.5.3. This will be the last > bug fix release of Python 2.5, afterwards, future releases of 2.5 will > only include security fixes, and no binaries (for Windows or OSX) will > be provided anymore (from python.org). > > In principle, the release will include all changes that are already on > the release25-maint branch in subversion [1]. If you think that specific > changes should be considered, please create an issue in the bug tracker > [2], and label it with the 2.5.3 version. Backports of changes that > are already released in Python 2.6 but may apply to 2.5 are of > particular interest. I would like to apply fixes for some CVE's which are addressed in 2.5 but not yet in 2.4. this would include CVE-2007-4965 CVE-2008-1679 CVE-2008-1721 CVE-2008-2315 CVE-2008-3144 CVE-2008-1887 CVE-2008-4864 Matthias -- http://mail.python.org/mailman/listinfo/python-list