osdir.com

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Python-Dev] What is the rationale behind source only releases?


On 5/16/2018 11:46 PM, Alex Walters wrote:

> This is actually the heart of the reason I asked the question.  CI tools are fairly good now.  If the CI tools could be used in such a way to make the building of binary artifacts less of a burden on the release managers, would there be interest in doing that, and in the process, releasing binary artifact installers for all security update releases.

The CI tools are used to test whether the repository is ready for a 
release.  The release manager and the two binary builders manually 
follow written scripts that include running various programs and 
scripts.  I don't know whether they master scripts are stable enough to 
automate yet.  The Windows binary production process was redone for 3.5. 
  The MacOS process was redone for 3.7 (.0b1).

> My rationale for asking if its possible is... well.. security releases are important, and it's hard to ask Windows users to install Visual Studio and build python to use the most secure version of python that will run your python program.

I believe one rationale for not offering binaries is the the security 
patches are mostly of interest to server people, who *do* build Python 
themselves.

If you think otherwise, you could offer to build an installer and see if 
a release manager would include it on python.org as an experiment.

-- 
Terry Jan Reedy