From nobody Thu Sep 08 00:54:46 2022 X-Original-To: freebsd-python@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4MNLHw3x0jz4bc3n for ; Thu, 8 Sep 2022 00:54:52 +0000 (UTC) (envelope-from koobs.freebsd@gmail.com) Received: from mail-pg1-x535.google.com (mail-pg1-x535.google.com [IPv6:2607:f8b0:4864:20::535]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1D4" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4MNLHv5Lvwz3s2X; Thu, 8 Sep 2022 00:54:51 +0000 (UTC) (envelope-from koobs.freebsd@gmail.com) Received: by mail-pg1-x535.google.com with SMTP id q63so15171170pga.9; Wed, 07 Sep 2022 17:54:51 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=content-transfer-encoding:in-reply-to:from:content-language :references:to:subject:reply-to:user-agent:mime-version:date :message-id:sender:from:to:cc:subject:date; bh=gngYn3hWC7B09WszjDP5SWYEcC2wEyzVbertgqHRMyY=; b=Q+emC4huq4M3FUb8Fs05EQ2SmvBBd2pBwgYepFSvbEx8XvgsJIYy10OWcOIbEM2xfC 0QbAoln++Me3ukuVAQN9LCgJwn1HWaO7eAeg3ioEEQ4aN+IV8wKRlAQb5Mpw/f1mJw7B xNrHYzycFK3Z4L3oTdZxHwh3oVN4TEQK4T/S7nP9FF7jyr4OXPaX5ewEuiJa0fGaXZil vp0WCeHs+6FUx0AZUtNNubJkxwcZnmvaL1U666ld8zFGviAvPdSD0odsUNY2WMxPGqLy lIYnDOjYpXeEdG7iSfTgmmMrkOmJzzO+AMq3qPGn2GqeHRxKZStExgrStb/e0JtA6UWV Cc0A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:in-reply-to:from:content-language :references:to:subject:reply-to:user-agent:mime-version:date :message-id:sender:x-gm-message-state:from:to:cc:subject:date; bh=gngYn3hWC7B09WszjDP5SWYEcC2wEyzVbertgqHRMyY=; b=dI23HBTkHvPR92SItwNqHIEwP/V9xq9EhACtrcAllRhY3rdCyPT9P4axe84MDLonvq MH6mRwHN/KNiLDMXC1VXEqxM+jTQJ3Hiy9A+0PJMk2W4jQ5XOnPvrmRk0D+QqfAV/Cuj +ax4Nbx82Ap3OrWO1FVptwv08I183FESv9pcc1An78ri2lOFLLh9lJtWIXJvZE1ILY16 g6zN6vUalA0wVsW/Ra6OR8ElAlQD+t72wJX09vwu3jaSQ/JcI7D8qVZI8ZhXHHdc5mBv zg47q555R9Fl9KcB3cAW2BQhGxyQLrrCgpSAoOIps6O2bWYfLhKI9GlJXbFVqnFCCb+s df9Q== X-Gm-Message-State: ACgBeo2zGlyNHj1D895Zt6tfiyCwAGqug4EIehxv5/DyvBJPd7uDtBoO 5v1j9ec7Cnz3/EueDvJjMFM= X-Google-Smtp-Source: AA6agR7Qm+2GMTXcdl/QhrAVp/nWSU+FQhbFFKWHtIz99FXDL9vRcpxmDWzbNAeeBM1+cbobc5l2+Q== X-Received: by 2002:a65:6750:0:b0:434:23a5:dbb0 with SMTP id c16-20020a656750000000b0043423a5dbb0mr5561233pgu.557.1662598490583; Wed, 07 Sep 2022 17:54:50 -0700 (PDT) Received: from ?IPV6:2403:5807:1b:1:7da9:42f8:1c0:2175? (2403-5807-1b-1-7da9-42f8-1c0-2175.ip6.aussiebb.net. [2403:5807:1b:1:7da9:42f8:1c0:2175]) by smtp.gmail.com with ESMTPSA id a7-20020a1709027d8700b0017691eb7e17sm9905525plm.239.2022.09.07.17.54.47 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Wed, 07 Sep 2022 17:54:50 -0700 (PDT) Message-ID: <8fc30540-3b14-04d8-f83e-25ed8a2579ff@FreeBSD.org> Date: Thu, 8 Sep 2022 10:54:46 +1000 List-Id: FreeBSD-specific Python issues List-Archive: https://lists.freebsd.org/archives/freebsd-python List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-python@freebsd.org X-BeenThere: freebsd-python@freebsd.org MIME-Version: 1.0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:106.0) Gecko/20100101 Thunderbird/106.0a1 Reply-To: koobs@FreeBSD.org Subject: =?UTF-8?B?UmU6IOWbnuWkjTogbGFuZy9weXRob24qOiBTZWN1cml0eSBhbmQgYnVn?= =?UTF-8?Q?_fix_releases_not_marked_or_merged?= To: wen heping , Wen Heping , FreeBSD Python Team References: <70ef8f8a-1a9e-a1f9-8c22-548eb8423a11@FreeBSD.org> Content-Language: en-US From: Kubilay Kocak In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-Rspamd-Queue-Id: 4MNLHv5Lvwz3s2X X-Spamd-Bar: --- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=gmail.com header.s=20210112 header.b=Q+emC4hu; dmarc=none; spf=pass (mx1.freebsd.org: domain of koobs.freebsd@gmail.com designates 2607:f8b0:4864:20::535 as permitted sender) smtp.mailfrom=koobs.freebsd@gmail.com X-Spamd-Result: default: False [-3.20 / 15.00]; NEURAL_HAM_LONG(-1.00)[-1.000]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; NEURAL_HAM_SHORT(-1.00)[-0.998]; FORGED_SENDER(0.30)[koobs@FreeBSD.org,koobsfreebsd@gmail.com]; R_SPF_ALLOW(-0.20)[+ip6:2607:f8b0:4000::/36]; R_DKIM_ALLOW(-0.20)[gmail.com:s=20210112]; MIME_GOOD(-0.10)[text/plain]; FROM_HAS_DN(0.00)[]; ARC_NA(0.00)[]; HAS_REPLYTO(0.00)[koobs@FreeBSD.org]; FROM_NEQ_ENVFROM(0.00)[koobs@FreeBSD.org,koobsfreebsd@gmail.com]; TO_MATCH_ENVRCPT_SOME(0.00)[]; RCPT_COUNT_THREE(0.00)[3]; DMARC_NA(0.00)[freebsd.org]; DWL_DNSWL_NONE(0.00)[gmail.com:dkim]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US]; TAGGED_FROM(0.00)[]; MID_RHS_MATCH_FROM(0.00)[]; RCVD_COUNT_THREE(0.00)[3]; TO_DN_ALL(0.00)[]; REPLYTO_ADDR_EQ_FROM(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; RCVD_IN_DNSWL_NONE(0.00)[2607:f8b0:4864:20::535:from]; DKIM_TRACE(0.00)[gmail.com:+]; RCVD_TLS_LAST(0.00)[]; FREEMAIL_TO(0.00)[hotmail.com,FreeBSD.org]; FREEMAIL_ENVFROM(0.00)[gmail.com]; MIME_TRACE(0.00)[0:+]; MLMMJ_DEST(0.00)[freebsd-python@freebsd.org] X-ThisMailContainsUnwantedMimeParts: N On 8/09/2022 10:42 am, wen heping wrote: > The document of vuxml had been committed some minutes ago. > The merge should be committed after some hours, I would remember it. > > wen Thanks Wen. The important part of the message is that for future updates, it would be great not to require anyone else to check to make sure security and bugfixes are marked and merged and that updates are all tracked (so people/the team receive notifications for review, etc). Ideally, vuxml entries are added as a first step (nothing blocks these), while we work on updates, exp-runs and review, so that: a) users know about security issues as quickly as possible. b) encourage us to get changes out as quickly as possible. > ________________________________________ > 发件人: Kubilay Kocak 代表 Kubilay Kocak > 发送时间: 2022年9月8日 8:31 > 收件人: Wen Heping; FreeBSD Python Team > 主题: lang/python*: Security and bug fix releases not marked or merged > > Hi Wen, > > The latest round of lang/python* updates (3.9.14 still pending) don't > appear to have been marked as security releases (in security/vuxml) or > merged to the quarterly branch (for security and bugfixes). > > lang/python310: Update to 3.10.7 > > https://cgit.freebsd.org/ports/commit/lang?id=1d9f19a0169e1cdbfedda11b75635fe89444a6c1 > https://docs.python.org/release/3.10.7/whatsnew/changelog.html#python-3-10-7-final > > lang/python37: Update to 3.7.14 > > https://cgit.freebsd.org/ports/commit/lang?id=7a50813b62ea926b18447a23cd75aa84b5569f22 > https://www.python.org/downloads/release/python-3714/ > > lang/python38: Update to 3.8.14 > > https://cgit.freebsd.org/ports/commit/lang?id=fddd2fc682516649a9a180d65fbece9c3ff80af0 > https://docs.python.org/release/3.8.14/whatsnew/changelog.html > > lang/python39: Update to 3.9.14 > > https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=266286 > https://docs.python.org/release/3.9.14/whatsnew/changelog.html > > Everyone appreciates your time and effort keeping Python language ports > up to date, but it's also important that we set a high standards of QA > and completeness. It goes without saying that this is especially the > case for security issues. > > Additionally, the Python team has the luxury of having an upstream that > has multiple long-lived minor version branches that only receive > security and bug fixes (with an explicit no feature change policy). > > This means that every release after a version x.0 is a bugfix and/or > security update, should be merged (merge by default). > > I'd like to ask (everyone), that all future Python language port updates > at a minimum: > > - Have issues created in Bugzilla > > - Have at least one other Python team member review/accept before being > committed, ideally more. > > - For maintenance releases (any versions after a *.0), are marked for > merging by default (merge-quarterly = ?), and merged before being > considered resolved and closing in Bugzilla. > > - For security updates: Have security/vuxml entry patches attached along > side version update patches in Bugzilla > > -- > Regards, > > Kubilay > ^Python