[Twisted-Python] maintenance release - a security issue and a regression

Shell cam.turn at gmail.com
Wed Jan 30 15:25:34 EST 2013


I'd like to volunteer to be release manager for Twisted 12.3.1, and
help work on the other parts of the backporting/release process as I
can.

I found and reported bug #6275 while working on a Twisted-based
project, and Glyph subsequently asked on IRC whether I'd like to be
involved in the release.


Shell


Glyph wrote:





I think it might be time to have a maintenance release.  Two issues in
particular stand out which might be suitable for inclusion in a
12.3.1:


  * <[http://twistedmatrix.com/trac/ticket/6275:
  <http://twistedmatrix.com/trac/ticket/6275>]> - This is a potential
  security issue which affects any twisted.web.template that uses the
  (recommended!) method of using a <t:attr> tag to render an attribute
  within a template.  This might even be suitable for maintenance
  releases of older versions, if anyone is using them.

  * <[http://twistedmatrix.com/trac/ticket/6245:
  <http://twistedmatrix.com/trac/ticket/6245>]> - This is a regression
  which affects anyone using twisted.names with 'unicode'-typed
  hostnames.  This used to work, and, some of our own examples as well
  as some in-the-wild applications - mostly those using XMPP -
  actually relied upon it.  IDNA hostnames never worked, but Python
  unicode-typed ASCII used to work and now it doesn't.

Of course, in order to have a maintenance release with these bug
fixes, several things need to happen.



  1) Someone needs to actually fix the issues. (I've written the code
  for #6275 but it is awaiting review; #6245 still needs to be fixed.)

  2) Someone needs to back-port those fixes to a release branch, based
  on the 12.3.0 tag, and file tickets for those backports.

  3) Someone needs to review the backports and get the committed to
  said branch.

  4) Someone needs to volunteer to be the release manager for 12.3.0.

We apparently  don't have any official process documentation for doing
patch releases, but most of what's in
<[http://twistedmatrix.com/trac/wiki/ReleaseProcess:
<http://twistedmatrix.com/trac/wiki/ReleaseProcess>]> should apply.

Any volunteers for parts of this process?

-glyph

_______________________________________________
Twisted-Python mailing list
Twisted-Python at twistedmatrix.com
http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://twistedmatrix.com/pipermail/twisted-python/attachments/20130130/ac2defd6/attachment.htm 


More information about the Twisted-Python mailing list