Security update (for all supported Python versions) #230

Closed
PallHaraldsson opened this issue Oct 10, 2022 · 4 comments

@PallHaraldsson
Contributor

https://pythoninsider.blogspot.com/2022/09/python-releases-3107-3914-3814-and-3714.html

I noticed:
JuliaPackaging/Yggdrasil#5650

I didn't look into how you download Python, but if you use that, I suggest upgrading to that version (when that PR is merged).

Conversely, for Python users: you download Julia, and want to download the latest Julia; how do you do that? Could it or should it use juliaup?

@cjdoris
Collaborator

cjdoris commented Oct 10, 2022

Python is installed with Conda by default, so the version the user gets is out of my hands, but will typically be the latest version, or the latest in a minor series.

Julia is installed by JuliaUp if the user has it installed, or else it is downloaded directly and installed into an environment-specific location.

@cjdoris cjdoris closed this as completed Oct 10, 2022
@PallHaraldsson
Contributor Author

You mean CondaPkg (mamba)?

I tried it, though directly, and it gets me 3.8.13, even though 3.8.14 is the secure version. I see:

Anaconda supports Python 3.7, 3.8, 3.9 and 3.10. The current default is Python 3.9.

Not sure why I didn't get 3.9, which is likely also behind, and I see 3.10.6, not the secure 3.10.7, which would be preferred, unless I missed something; there seem to be many channels, and I'm not sure if you should use some other.

https://anaconda.org/search?q=python

https://anaconda.org/conda-forge/python

@cjdoris
Collaborator

cjdoris commented Oct 11, 2022

PythonCall installs Python from the conda-forge channel, which is currently on v3.10.6. I guess it takes time for them to package it up.

@PallHaraldsson
Contributor Author

PallHaraldsson commented Oct 13, 2022

I'm not sure what's taking them so long, but do you know if it's possible to get rc2 through conda (otherwise I believe you can use it or any version manually, and bypass conda)? Also of interest:

https://peps.python.org/pep-0594/

Starting with Python 3.11, deprecated modules will start issuing DeprecationWarning. [..]

3.13
All modules deprecated by this PEP are removed from the main branch of the CPython repository and are no longer distributed as part of Python.

So your users are going to see DeprecationWarning soon (but I think only if trying to use those modules, which they likely won't), so I'm a bit curious if there might be a non-default Python out there with those modules already dropped, like 3.13, but otherwise like 3.11, that people could opt into for smaller downloads (or you could for them...?).

https://peps.python.org/pep-0623/

Python 3.12
Following members are removed from the Unicode structures:
wstr [..]

I'm not sure this will affect you (and then only on Windows?), but might help with other UTF-8 string issue here.
