[Python-Dev] [RELEASE] Python 3.7.12 and 3.6.15 security updates now available

2021-09-06 Thread nad
The content of this message was lost. It was probably cross-posted to
multiple lists and previously handled on another list.
___
Python-Dev mailing list -- [email protected]
To unsubscribe send an email to [email protected]
https://mail.python.org/mailman3/lists/python-dev.python.org/
Message archived at 
https://mail.python.org/archives/list/[email protected]/message/63WSMZIFKDJFSJF3SRBJR36Z4YB45VYG/
Code of Conduct: http://python.org/psf/codeofconduct/


[Python-Dev] Re: [RELEASE] Python 3.7.12 and 3.6.15 security updates now available

2021-09-06 Thread Ned Deily
[Re-retransmit]

Python 3.7.12 and 3.6.15, the latest security fix rollups for Python 3.7 and 
Python 3.6, are now available. You can find the release files, links to the 
changelogs, and more information here:

  https://www.python.org/downloads/release/python-3712/
  https://www.python.org/downloads/release/python-3615/

These releases are source code only; Windows and macOS binary installers are 
not provided for security fix releases.

Note that Python 3.9 is now the latest feature release series of Python 3. You 
should consider upgrading to 3.9 as soon as practical. Get the latest release 
of 3.9.x here:

  https://www.python.org/downloads/

Thanks to all of the many volunteers who help make Python Development and these 
releases possible! Please consider supporting our efforts by volunteering 
yourself or through organization contributions to the Python Software 
Foundation.

  https://www.python.org/psf-landing/


[Python-Dev] Re: Making code object APIs unstable

2021-09-06 Thread Guido van Rossum
On Fri, Sep 3, 2021 at 4:12 PM Victor Stinner wrote:

> On Thu, Sep 2, 2021 at 11:15 PM Guido van Rossum wrote:
> > FWIW I've applied for an exception from the two-release deprecation
> > policy from the SC:
> > https://github.com/python/steering-council/issues/75
>
> On the PyPI top 5000 packages, 136 contain "PyCode" in the source. I
> didn't check how many are using Cython.
>

Most of them. :-)

I wrote a script to do a similar search on the 4000 most popular
packages, disregarding Cython-generated files (these have "/* Generated by
Cython  */" in their first line). Now the list collapsed to this:

Cython-3.0a7.tar.gz: 11 hits in 3 files
frozendict-2.0.6.tar.gz: 14 hits in 8 files
gevent-21.8.0.tar.gz: 1 hits in 1 files
JPype1-1.3.0.tar.gz: 1 hits in 1 files
mypy-0.910.tar.gz: 2 hits in 1 files
reportlab-3.6.1.tar.gz: 1 hits in 1 files
setuptools-9.1.tar.gz: 1 hits in 1 files

Of these:

Cython: obviously :-)
frozendict: calls PyCode_NewEmpty; seems to include modified CPython headers
gevent: Uses Cython's __Pyx_PyCode_New in a generated .h file
JPype: calls PyCode_NewEmpty
mypy: PyCode_NewEmpty mentioned in a comment
reportlab: calls PyCode_NewEmpty
setuptools: in a file generated by Pyrex (Cython's predecessor)

There wasn't a single call to PyCode_NewWithPosOnlyArgs in any of these
apart from Cython.

In addition, I just heard from the SC that they've approved the exception.
So we will remove these two APIs from 3.11 without deprecation. I've filed
https://bugs.python.org/issue45122 to get this done (looking for
volunteers).

-- 
--Guido van Rossum (python.org/~guido)
Pronouns: he/him (why is my pronoun here?)

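
The kind of search described in the message above, as an added example that is not the script Guido van Rossum used: it counts "PyCode" hits per file in an sdist tarball and skips files whose first line carries the "/* Generated by Cython" marker. The source-extension filter, the function names and the sample archive are assumptions made for illustration.

```python
import io
import tarfile

NEEDLE = b"PyCode"                       # search term quoted in the thread
CYTHON_MARK = b"/* Generated by Cython"  # first-line marker named in the thread
SOURCE_EXT = (".c", ".h", ".cpp", ".cc", ".pyx", ".pxd")  # assumption


def scan_sdist(fileobj):
    """Return {member name: hit count} for one .tar.gz sdist."""
    # Members are read in memory, never extracted to disk, so hostile paths
    # or links inside an untrusted archive cannot touch the filesystem.
    hits = {}
    with tarfile.open(fileobj=fileobj, mode="r:gz") as tar:
        for member in tar:
            if not member.isfile() or not member.name.endswith(SOURCE_EXT):
                continue
            data = tar.extractfile(member).read()
            if CYTHON_MARK in data.split(b"\n", 1)[0]:
                continue  # Cython output, not hand-written API use
            count = data.count(NEEDLE)
            if count:
                hits[member.name] = count
    return hits


def summarize(name, hits):
    return f"{name}: {sum(hits.values())} hits in {len(hits)} files"


def make_sample_sdist():
    """Constructed sample archive (not a real package)."""
    files = {
        "demo-1.0/src/ext.c": b"#include <Python.h>\nco = PyCode_NewEmpty(f, n, 1);\n",
        "demo-1.0/src/gen.c": b"/* Generated by Cython 0.0 */\nPyCode_New(...);\n",
        "demo-1.0/README.txt": b"mentions PyCode but is not source\n",
    }
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for path, body in files.items():
            info = tarfile.TarInfo(path)
            info.size = len(body)
            tar.addfile(info, io.BytesIO(body))
    buf.seek(0)
    return buf


if __name__ == "__main__":
    print(summarize("demo-1.0.tar.gz", scan_sdist(make_sample_sdist())))
```
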


[Python-Dev] Re: Making code object APIs unstable

2021-09-06 Thread Victor Stinner
Oh, I didn't know this *existing* C API function:

PyCode_NewEmpty(const char *filename, const char *funcname, int firstlineno)

So Cython could be modified to use it, no?

Victor

On Tue, Sep 7, 2021 at 12:44 AM Guido van Rossum wrote:
>
> On Fri, Sep 3, 2021 at 4:12 PM Victor Stinner wrote:
>>
>> On Thu, Sep 2, 2021 at 11:15 PM Guido van Rossum wrote:
>> > FWIW I've applied for an exception from the two-release deprecation policy 
>> > from the SC:
>> > https://github.com/python/steering-council/issues/75
>>
>> On the PyPI top 5000 packages, 136 contain "PyCode" in the source. I
>> didn't check how many are using Cython.
>
>
> Most of them. :-)
>
> I wrote a script to do a similar search on the 4000 most popular 
> packages, disregarding Cython-generated files (these have "/* Generated by 
> Cython  */" in their first line). Now the list collapsed to this:
>
> Cython-3.0a7.tar.gz: 11 hits in 3 files
> frozendict-2.0.6.tar.gz: 14 hits in 8 files
> gevent-21.8.0.tar.gz: 1 hits in 1 files
> JPype1-1.3.0.tar.gz: 1 hits in 1 files
> mypy-0.910.tar.gz: 2 hits in 1 files
> reportlab-3.6.1.tar.gz: 1 hits in 1 files
> setuptools-9.1.tar.gz: 1 hits in 1 files
>
> Of these:
>
> Cython: obviously :-)
> frozendict: calls PyCode_NewEmpty; seems to include modified CPython headers
> gevent: Uses Cython's __Pyx_PyCode_New in a generated .h file
> JPype: calls PyCode_NewEmpty
> mypy: PyCode_NewEmpty mentioned in a comment
> reportlab: calls PyCode_NewEmpty
> setuptools: in a file generated by Pyrex (Cython's predecessor)
>
> There wasn't a single call to PyCode_NewWithPosOnlyArgs in any of these apart 
> from Cython.
>
> In addition, I just heard from the SC that they've approved the exception. So 
> we will remove these two APIs from 3.11 without deprecation. I've filed 
> https://bugs.python.org/issue45122 to get this done (looking for volunteers).
>
> --
> --Guido van Rossum (python.org/~guido)
> Pronouns: he/him (why is my pronoun here?)



-- 
Night gathers, and now my watch begins. It shall not end until my death.