Re: python 2.3
On Thu, Dec 21, 2006 at 02:21:40PM -0800, Thomas Bushnell BSG wrote:
> On Wed, 2006-12-20 at 19:51 -0800, Steve Langasek wrote:
> > On Tue, Dec 19, 2006 at 11:17:03AM -0800, Thomas Bushnell BSG wrote:
> > > The python team has apparently decreed that python 2.3 will not be in
> > > etch. This forces every package to use the new version. Surely it is
> > > too late in the release cycle to be risking regressions in this way?

> > The python team has expressed concern about the security supportability of
> > python2.3 in etch. Extension packages built with the current version of
> > python-all-dev and friends already have no support for python2.3; shipping
> > python2.3 in stable for the benefit of a handful of reverse dependencies is
> > a genuine concern, particularly when those reverse-deps work just fine with
> > python 2.4.

> And yet, this isn't the only case. Users actually use the programs in
> Debian, not just other parts of Debian. Why is python 2.3 some sort of
> security nightmare? And what suddenly happened to make it one?

$ du -sh p/python2.3/python2.3_2.3.5.orig.tar.gz
8.2M p/python2.3/python2.3_2.3.5.orig.tar.gz
$

That much code is always a security nightmare, it just now happens to be one
that we can feasibly get rid of. :)

> What about users who are depending on Python 2.3? Do they just lose?

Users who depend on obsolete software always lose when the bar moves. I
don't find that a compelling reason to keep python2.3 around for another
release cycle, when it's going to be dropped later anyway.

--
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
vorlon@debian.org http://www.debian.org/