On Tue, Sep 27, 2011 at 16:32, Wanderer <wande...@dialup4less.com> wrote:
> I think it is strange to release a security update but not really expect > people > to use it. We expect that people who need 2.6 but won't move to 2.7, and at the same time are vulnerable to the security issue(s), would be able to compile Python for themselves. Shortly after 2.7 was released, 2.6 went into security-fix mode, and that's true of any X.Y and X.Y-1 pair. For a look at how busy the release schedule has been at times, I wrote about all of the releases we were up to in June at http://blog.python.org/2011/06/june-releases-267-272-314.html. Consider the fact that the person creating the installer usually creates at least three installers for any release (usually two candidates, and the final - add in alphas for a new X.Y), for each branch, of which three branches were having binary installers produced. For the specifics on the 2.6.7 fix, http://blog.python.org/2011/04/urllib-security-vulnerability-fixed.html covers it.
-- http://mail.python.org/mailman/listinfo/python-list
