On Fri, Oct 07, 2016 at 06:43:10PM +0200, Dominik 'Rathann' Mierzejewski wrote: > Dear All, > I was made aware that EOL software with known security bugs that will > not be fixed upstream (due to EOL status) was reviewed and accepted into > Fedora recently. This came on the back of the FPC ticket [1] asking to > make some changes in the Python Packaging Guidelines. I did go back and > re-read our current guidelines and found that we don't have any policy > on that. As a result, I opened a FESCo ticket [2] with the aim of > establishing a clear policy on how to treat EOL software with known > security vulnerabilities. A parallel could be drawn between previous python versions and previous C standards, like c89, c90, c99, etc. One could say that they are obsolete, but it is still very convenient to be able to add CFLAGS=-ansi. The difference is that gcc has this built in, while python does not have compatibility with previous "standards", so the only way to test with previous versions is to run those previous versions. It's damn useful for testing, and it's much more convenient to do it through dnf install than through virtualization/containers/cloud/hand-compilation/copr/other-nonstandard-things. So from my side, a vote for 1. labelling old pythons very clearly as such, 2. allowing people to install them using dnf. Zbyszek _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
