touch-packages team mailing list archive

[Kevin Carter <kevin.carter@xxxxxxxxxxxxx>]

I have to agree with the sentiment that this should be backported on the
grounds Ubuntu LTS releases are popular server operating systems which
many folks rely on for day to day operations. As an LTS release its
expected security issues will be taken care of as long as the release is
supported. The idea that this is not being backported because it has the
potential to break some applications which have made assumptions
regarding certificate validation is beyond me and I find the notion that
some internal team within Ubuntu is going to sit and fix applications
invididually absolutely crazy. If individual application patching is
being proposed it would seem more sane to simply backported the security
fix and hunt for apps that are now unstable. If and when these apps are
found folks at Ubuntu or in the general community should coordinate with
the respective upstream to get the appropriate fixes in. IMHO holding
back this update will do more harm then good.

As a potential compromise, might this be considered for backported in
14.04 only? I ask because, like @wkoot, I would rather not have to wait
and later upgrade to Ubuntu 16.04 to see this security issue resolved.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to python-defaults in Ubuntu.
https://bugs.launchpad.net/bugs/1401322

Title:
  Upgrade to Python 2.7.9

Status in python-defaults package in Ubuntu:
  Fix Released

Bug description:
  Python 2.7.9 contains numerous security improvements for Python.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/python-defaults/+bug/1401322/+subscriptions