-
Notifications
You must be signed in to change notification settings - Fork 928
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add warning about reference interop for build numbers #1277
Conversation
Co-authored-by: Brett Cannon <brett@python.org>
Thanks for the PR! It might be important to clarify cases where it makes sense to use build numbers, I think. For example, a wheel can be published early in the upcoming CPython release cycle but as things evolve and it enters beta/rc, it would probably be reasonable to rebuild a wheel under a newer runtime with zero changes to the source or its deps. As for the security releases I agree that it's a good idea to bump the patch version number. But also, I'd rebuild the older wheels with a new build number in some cases, when it's possible, in addition to making the new release. This way, I feel like the security fix might reach a wider number of users incidentally. Though, in the announcements, I'd still refer to the new release to reduce possible confusion. WDYT? |
Seems like a good idea to me, I can capture this in this PR!
I'm not sure about "backporting" a fix to an existing release using build numbers, has a few downsides:
In general I don't think we should recommend folks use build numbers this way, there might be some projects where this works for though? |
@webknjaz I've updated with a quick blurb about a valid use-case, let me know if the phrasing makes sense or needs tweaking. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks! Love it! Sorry for the delay...
Thanks @webknjaz, no worries on the timing! :) |
Follow-up from discussion here: https://discuss.python.org/t/guidance-on-wheel-build-numbers-for-external-reference-security-fixes/29621