[Twisted-Python] maintenance release - a security issue and a regression

Glyph glyph at twistedmatrix.com
Wed Jan 30 14:04:36 EST 2013


I think it might be time to have a maintenance release.  Two issues in particular stand out which might be suitable for inclusion in a 12.3.1:

<http://twistedmatrix.com/trac/ticket/6275> - This is a potential security issue which affects any twisted.web.template that uses the (recommended!) method of using a <t:attr> tag to render an attribute within a template.  This might even be suitable for maintenance releases of older versions, if anyone is using them.
<http://twistedmatrix.com/trac/ticket/6245> - This is a regression which affects anyone using twisted.names with 'unicode'-typed hostnames.  This used to work, and some of our own examples as well as some in-the-wild applications - mostly those using XMPP - actually relied upon it.  IDNA hostnames never worked, but Python unicode-typed ASCII used to work and now it doesn't.

Of course, in order to have a maintenance release with these bug fixes, several things need to happen.

Someone needs to actually fix the issues. (I've written the code for #6275 but it is awaiting review; #6245 still needs to be fixed.)
Someone needs to back-port those fixes to a release branch, based on the 12.3.0 tag, and file tickets for those backports.
Someone needs to review the backports and get them committed to said branch.
Someone needs to volunteer to be the release manager for 12.3.0.

We apparently don't have any official process documentation for doing patch releases, but most of what's in <http://twistedmatrix.com/trac/wiki/ReleaseProcess> should apply.

Any volunteers for parts of this process?

-glyph
