[Twisted-Python] maintenance release - a security issue and a regression
Shell
cam.turn at gmail.com
Wed Jan 30 13:25:34 MST 2013
I'd like to volunteer to be release manager for Twisted 12.3.1, and
help work on the other parts of the backporting/release process as I
can.
I found and reported bug #6275 while working on a Twisted-based
project, and Glyph subsequently asked on IRC whether I'd like to be
involved in the release.
Shell
Glyph wrote:
I think it might be time to have a maintenance release. Two issues in
particular stand out which might be suitable for inclusion in a
12.3.1:
* <[http://twistedmatrix.com/trac/ticket/6275:
<http://twistedmatrix.com/trac/ticket/6275>]> - This is a potential
security issue which affects any twisted.web.template that uses the
(recommended!) method of using a <t:attr> tag to render an attribute
within a template. This might even be suitable for maintenance
releases of older versions, if anyone is using them.
* <[http://twistedmatrix.com/trac/ticket/6245:
<http://twistedmatrix.com/trac/ticket/6245>]> - This is a regression
which affects anyone using twisted.names with 'unicode'-typed
hostnames. This used to work, and, some of our own examples as well
as some in-the-wild applications - mostly those using XMPP -
actually relied upon it. IDNA hostnames never worked, but Python
unicode-typed ASCII used to work and now it doesn't.
Of course, in order to have a maintenance release with these bug
fixes, several things need to happen.
1) Someone needs to actually fix the issues. (I've written the code
for #6275 but it is awaiting review; #6245 still needs to be fixed.)
2) Someone needs to back-port those fixes to a release branch, based
on the 12.3.0 tag, and file tickets for those backports.
3) Someone needs to review the backports and get the committed to
said branch.
4) Someone needs to volunteer to be the release manager for 12.3.0.
We apparently don't have any official process documentation for doing
patch releases, but most of what's in
<[http://twistedmatrix.com/trac/wiki/ReleaseProcess:
<http://twistedmatrix.com/trac/wiki/ReleaseProcess>]> should apply.
Any volunteers for parts of this process?
-glyph
_______________________________________________
Twisted-Python mailing list
Twisted-Python at twistedmatrix.com
http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/twisted-python/attachments/20130130/ac2defd6/attachment.html>
More information about the Twisted-Python
mailing list