[Twisted-Python] maintenance release - a security issue and a regression
cam.turn at gmail.com
Wed Jan 30 15:25:34 EST 2013
I'd like to volunteer to be release manager for Twisted 12.3.1, and
help work on the other parts of the backporting/release process as I
I found and reported bug #6275 while working on a Twisted-based
project, and Glyph subsequently asked on IRC whether I'd like to be
involved in the release.
I think it might be time to have a maintenance release. Two issues in
particular stand out which might be suitable for inclusion in a
<http://twistedmatrix.com/trac/ticket/6275>]> - This is a potential
security issue which affects any twisted.web.template that uses the
(recommended!) method of using a <t:attr> tag to render an attribute
within a template. This might even be suitable for maintenance
releases of older versions, if anyone is using them.
<http://twistedmatrix.com/trac/ticket/6245>]> - This is a regression
which affects anyone using twisted.names with 'unicode'-typed
hostnames. This used to work, and, some of our own examples as well
as some in-the-wild applications - mostly those using XMPP -
actually relied upon it. IDNA hostnames never worked, but Python
unicode-typed ASCII used to work and now it doesn't.
Of course, in order to have a maintenance release with these bug
fixes, several things need to happen.
1) Someone needs to actually fix the issues. (I've written the code
for #6275 but it is awaiting review; #6245 still needs to be fixed.)
2) Someone needs to back-port those fixes to a release branch, based
on the 12.3.0 tag, and file tickets for those backports.
3) Someone needs to review the backports and get the committed to
4) Someone needs to volunteer to be the release manager for 12.3.0.
We apparently don't have any official process documentation for doing
patch releases, but most of what's in
<http://twistedmatrix.com/trac/wiki/ReleaseProcess>]> should apply.
Any volunteers for parts of this process?
Twisted-Python mailing list
Twisted-Python at twistedmatrix.com
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Twisted-Python