Andreas, I understand both the importance of stability and the need for a security audit at some point. (I do wish we had the funds or I had the time to help move it forward, but I don't.) I also understand the need for a consistent framework for reporting and resolving bugs. It is reasonable to expect that all bugs be reported against the same framework to eliminate one significant possible variable. What does concern me is the way in which the recommendation to use (at the moment) Python 2.3.5 is explained. I may be willing to accept the risks of using a system which has not yet been audited in terms of security, but I want to know if there are any reported instabilities or incompatibilities which have been identified when, say, Python 2.4.X is used. I'd rather people say that the standard reference platform against which all bugs should be reported uses 2.3.5, and that use of other, later versions of Python is at your own risk. When using another Python that is known to cause problems, it would make sense to identify the problem so that users can make an informed decision. There are times when there are Python version related problems and these need to be identified and publicized. We certainly collect the incompatilities (if there are any) so they can be fixed as eventually the code base will move to later python systems. -d On Sun, 16 Oct 2005, Andreas Jung wrote:
--On 16. Oktober 2005 11:54:18 -0700 Dennis Allison <allison@shasta.stanford.edu> wrote:
IMHO it would be wise to track the releases of Python a bit more closely.
Software components choosen for a framework have to be solid and approved. There is no reason to run after every new python version or whatever. Stability and performance is somewhat more important than hunting for new language features.. Some features of Python 2.4 are nice2have but we can perfectly live with Python 2.3.5. If you want Python 2.4, use it (at your own risk).
As we already explained a bunch of times (sorry, this issue is bothering the more people ask about the same issue), a security audit has not happened yet. Why not? Because it takes time to do such an audit and the persons that can do such an audit likely had not time so far. So things are as they are and will change as they change. If you have the skills, resources and perhaps some money to fund the audit then raise your hand. Otherwise we have to wait until it will happen.
-aj
--